├── .github └── workflows │ └── multi-arch-test-build.yml ├── LICENSE ├── README.md ├── chinadns-ng └── Makefile ├── dns2socks-rust └── Makefile ├── dns2socks └── Makefile ├── dns2tcp └── Makefile ├── dnsproxy └── Makefile ├── gn ├── Makefile └── src │ └── out │ └── last_commit_position.h ├── hysteria └── Makefile ├── ipt2socks └── Makefile ├── lua-neturl ├── Makefile └── patches │ └── 010-userinfo-regex.patch ├── luci-app-ssr-plus ├── Makefile ├── luasrc │ ├── controller │ │ └── shadowsocksr.lua │ ├── model │ │ └── cbi │ │ │ └── shadowsocksr │ │ │ ├── advanced.lua │ │ │ ├── client-config.lua │ │ │ ├── client.lua │ │ │ ├── control.lua │ │ │ ├── log.lua │ │ │ ├── server-config.lua │ │ │ ├── server.lua │ │ │ ├── servers.lua │ │ │ └── status.lua │ └── view │ │ └── shadowsocksr │ │ ├── backup_restore.htm │ │ ├── certupload.htm │ │ ├── check.htm │ │ ├── checkport.htm │ │ ├── log.htm │ │ ├── ping.htm │ │ ├── refresh.htm │ │ ├── reset.htm │ │ ├── server_list.htm │ │ ├── socket.htm │ │ ├── ssrurl.htm │ │ ├── status.htm │ │ └── subscribe.htm ├── po │ ├── templates │ │ └── ssr-plus.pot │ ├── zh-cn │ └── zh_Hans │ │ └── ssr-plus.po └── root │ ├── etc │ ├── config │ │ └── shadowsocksr │ ├── init.d │ │ └── shadowsocksr │ ├── ssrplus │ │ ├── ad.conf │ │ ├── applechina.conf │ │ ├── black.list │ │ ├── china_ssr.txt │ │ ├── deny.list │ │ ├── dnsproxy_dns.list │ │ ├── gfw_base.conf │ │ ├── gfw_list.conf │ │ ├── mosdns-config.yaml │ │ ├── netflix.list │ │ ├── netflixip.list │ │ ├── oversea_list.conf │ │ └── white.list │ └── uci-defaults │ │ └── luci-ssr-plus │ └── usr │ ├── bin │ ├── ssr-monitor │ ├── ssr-rules │ └── ssr-switch │ └── share │ ├── rpcd │ └── acl.d │ │ └── luci-app-ssr-plus.json │ ├── shadowsocksr │ ├── chinaipset.sh │ ├── gen_config.lua │ ├── genred2config.sh │ ├── gfw2ipset.sh │ ├── shadowsocksr.config │ ├── ssrplusupdate.sh │ ├── subscribe.lua │ └── update.lua │ └── ucitrack │ └── luci-app-ssr-plus.json ├── microsocks └── Makefile ├── mosdns ├── Makefile └── patches │ ├── 203-add-response-for-bad-request-in-ServeHTTP-handler.patch │ ├── 204-black_hole-apply-Fisher-Yates-shuffle-algorithm-to-r.patch │ └── 205-format-logtime.patch ├── naiveproxy ├── Makefile └── src │ └── init_env.sh ├── redsocks2 └── Makefile ├── shadow-tls └── Makefile ├── shadowsocks-libev ├── Makefile ├── README.md ├── files │ ├── shadowsocks-libev.config │ ├── shadowsocks-libev.init │ └── ss-rules │ │ ├── chain.uc │ │ ├── set.uc │ │ └── ss-rules.uc └── patches │ ├── 100-Upgrade-PCRE-to-PCRE2.patch │ ├── 101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch │ └── 102-deprecate-load16-be-replace-with-ntohs.patch ├── shadowsocks-rust └── Makefile ├── shadowsocksr-libev ├── Makefile ├── patches │ ├── 0001-Add-ss-server-and-ss-check.patch │ ├── 0002-Revert-verify_simple-and-auth_simple.patch │ ├── 0003-Refine-Usage.patch │ ├── 100-fix-gcc-10.patch │ ├── 101-Fix-Werror-sizeof-pointer-memaccess.patch │ ├── 102-Read-listening-mode-from-config.patch │ ├── 103-Add-TPROXY-support-for-TCP-ssr-redir.patch │ ├── 104-fix-use-after-free.patch │ └── 105-Upgrade-PCRE-to-PCRE2.patch └── src │ └── server │ ├── Makefile.am │ ├── Makefile.in │ ├── README.md │ ├── acl.c │ ├── acl.h │ ├── auth.c │ ├── auth.h │ ├── base64.c │ ├── base64.h │ ├── cache.c │ ├── cache.h │ ├── check.c │ ├── common.h │ ├── crc32.c │ ├── encrypt.c │ ├── encrypt.h │ ├── http.c │ ├── http.h │ ├── http_simple.c │ ├── http_simple.h │ ├── jconf.c │ ├── jconf.h │ ├── json.c │ ├── json.h │ ├── list.c │ ├── list.h │ ├── netutils.c │ ├── netutils.h │ ├── obfs.c │ ├── obfs.h │ ├── obfsutil.c │ ├── protocol.h │ ├── resolv.c │ ├── resolv.h │ ├── rule.c │ ├── rule.h │ ├── server.c │ ├── server.h │ ├── tls.c │ ├── tls.h │ ├── tls1.2_ticket.c │ ├── tls1.2_ticket.h │ ├── udprelay.c │ ├── udprelay.h │ ├── uthash.h │ ├── utils.c │ ├── utils.h │ ├── verify.c │ └── verify.h ├── simple-obfs └── Makefile ├── tcping └── Makefile ├── trojan └── Makefile ├── tuic-client └── Makefile ├── v2ray-core └── Makefile ├── v2ray-plugin └── Makefile ├── v2raya ├── Makefile └── files │ ├── v2raya.config │ └── v2raya.init ├── xray-core └── Makefile └── xray-plugin └── Makefile /.github/workflows/multi-arch-test-build.yml: -------------------------------------------------------------------------------- 1 | name: Test Build 2 | 3 | on: 4 | pull_request: 5 | paths-ignore: 6 | - '**.md' 7 | 8 | jobs: 9 | build: 10 | name: Test ${{ matrix.arch }} 11 | runs-on: ubuntu-latest 12 | strategy: 13 | fail-fast: false 14 | matrix: 15 | include: 16 | - arch: arm_cortex-a9_vfpv3-d16 17 | target: mvebu-cortexa9 18 | 19 | - arch: mips_24kc 20 | target: ath79-generic 21 | 22 | - arch: mipsel_24kc 23 | target: mt7621 24 | 25 | - arch: aarch64_cortex-a53 26 | target: mvebu-cortexa53 27 | 28 | - arch: arm_cortex-a15_neon-vfpv4 29 | target: armvirt-32 30 | 31 | - arch: i386_pentium-mmx 32 | target: x86-geode 33 | 34 | - arch: x86_64 35 | target: x86-64 36 | 37 | steps: 38 | - name: Free Disk Space 39 | uses: jlumbroso/free-disk-space@main 40 | with: 41 | tool-cache: true 42 | android: true 43 | dotnet: true 44 | haskell: true 45 | large-packages: true 46 | docker-images: true 47 | swap-storage: true 48 | 49 | - uses: actions/checkout@v3 50 | with: 51 | fetch-depth: 0 52 | 53 | - name: Determine branch name 54 | run: | 55 | BRANCH="${GITHUB_BASE_REF#refs/heads/}" 56 | echo "Building for $BRANCH" 57 | echo "BRANCH=$BRANCH" >> $GITHUB_ENV 58 | 59 | - name: Determine changed packages 60 | run: | 61 | # only detect packages with changes 62 | PKG_ROOTS=$(find . -name Makefile | \ 63 | grep -v ".*/src/Makefile" | \ 64 | sed -e 's@./\(.*\)/Makefile@\1/@') 65 | CHANGES=$(git diff --diff-filter=d --name-only origin/$BRANCH) 66 | 67 | for ROOT in $PKG_ROOTS; do 68 | for CHANGE in $CHANGES; do 69 | if [[ "$CHANGE" == "$ROOT"* ]]; then 70 | PACKAGES+=$(echo "$ROOT" | sed -e 's@\(.*\)/@\1 @') 71 | break 72 | fi 73 | done 74 | done 75 | # fallback to test packages if nothing explicitly changes this is 76 | # should run if other mechanics in packages.git changed 77 | PACKAGES="${PACKAGES:-luci-app-ssr-plus}" 78 | 79 | echo "Building $PACKAGES" 80 | echo "PACKAGES=$PACKAGES" >> $GITHUB_ENV 81 | 82 | - name: Build 83 | uses: immortalwrt/gh-action-sdk@v5 84 | env: 85 | ARCH: ${{ matrix.arch }} 86 | FEEDNAME: packages_ci 87 | V: s 88 | 89 | - name: Move created packages to project dir 90 | run: cp bin/packages/${{ matrix.arch }}/packages_ci/*.ipk . || true 91 | 92 | - name: Collect metadata 93 | run: | 94 | MERGE_ID=$(git rev-parse --short HEAD) 95 | echo "MERGE_ID=$MERGE_ID" >> $GITHUB_ENV 96 | echo "BASE_ID=$(git rev-parse --short HEAD^1)" >> $GITHUB_ENV 97 | echo "HEAD_ID=$(git rev-parse --short HEAD^2)" >> $GITHUB_ENV 98 | PRNUMBER=${GITHUB_REF_NAME%/merge} 99 | echo "PRNUMBER=$PRNUMBER" >> $GITHUB_ENV 100 | echo "ARCHIVE_NAME=${{matrix.arch}}-PR$PRNUMBER-$MERGE_ID" >> $GITHUB_ENV 101 | 102 | - name: Generate metadata 103 | run: | 104 | cat << _EOF_ > PKG-INFO 105 | Metadata-Version: 2.1 106 | Name: ${{env.ARCHIVE_NAME}} 107 | Version: $BRANCH 108 | Author: $GITHUB_ACTOR 109 | Home-page: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/pull/$PRNUMBER 110 | Download-URL: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID 111 | Summary: $PACKAGES 112 | Platform: ${{ matrix.arch }} 113 | 114 | Packages for ImmortalWrt $BRANCH running on ${{matrix.arch}}, built from PR $PRNUMBER 115 | at commit $HEAD_ID, against $BRANCH at commit $BASE_ID, with merge SHA $MERGE_ID. 116 | 117 | Modified packages: 118 | _EOF_ 119 | for p in $PACKAGES 120 | do 121 | echo " "$p >> PKG-INFO 122 | done 123 | echo >> PKG-INFO 124 | echo Full file listing: >> PKG-INFO 125 | ls -al *.ipk >> PKG-INFO || true 126 | cat PKG-INFO 127 | 128 | - name: Store packages 129 | uses: actions/upload-artifact@v4 130 | with: 131 | name: ${{env.ARCHIVE_NAME}}-packages 132 | path: | 133 | Packages 134 | Packages.* 135 | *.ipk 136 | PKG-INFO 137 | 138 | - name: Store logs 139 | uses: actions/upload-artifact@v4 140 | with: 141 | name: ${{env.ARCHIVE_NAME}}-logs 142 | path: | 143 | logs/ 144 | PKG-INFO 145 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Setup instruction 2 | 3 | Install clang first. 4 | 5 | ### Method 1 - Clone this repo directly 6 | 7 | 1. Clone this repo: 8 | 9 | ```bash 10 | rm -rf package/helloworld 11 | git clone --depth=1 https://github.com/fw876/helloworld.git package/helloworld 12 | ``` 13 | 14 | 2. Pull upstream commits: 15 | 16 | ```bash 17 | git -C package/helloworld pull 18 | ``` 19 | 20 | - Remove 21 | 22 | ```bash 23 | rm -rf package/helloworld 24 | ``` 25 | 26 | ### Method 2 - Add this repo as a git submodule 27 | 28 | 1. Add new submodule: 29 | 30 | ```bash 31 | rm -rf package/helloworld 32 | git submodule add -f --name helloworld https://github.com/fw876/helloworld.git package/helloworld 33 | ``` 34 | 35 | 2. Pull upstream commits: 36 | 37 | ```bash 38 | git submodule update --remote package/helloworld 39 | ``` 40 | 41 | - Remove 42 | 43 | ```bash 44 | git submodule deinit -f package/helloworld 45 | git rm -f package/helloworld 46 | git reset HEAD .gitmodules 47 | rm -rf .git/modules{/,/package/}helloworld 48 | ``` 49 | 50 | ### Method 3 - Add this repo as an OpenWrt feed 51 | 52 | 1. Add new feed: 53 | 54 | ```bash 55 | sed -i "/helloworld/d" "feeds.conf.default" 56 | echo "src-git helloworld https://github.com/fw876/helloworld.git" >> "feeds.conf.default" 57 | ``` 58 | 59 | 2. Pull upstream commits: 60 | 61 | ```bash 62 | ./scripts/feeds update helloworld 63 | ./scripts/feeds install -a -f -p helloworld 64 | ``` 65 | 66 | - Remove 67 | 68 | ```bash 69 | sed -i "/helloworld/d" "feeds.conf.default" 70 | ./scripts/feeds clean 71 | ./scripts/feeds update -a 72 | ./scripts/feeds install -a 73 | ``` 74 | 75 | ### Note 76 | 77 | #### ⚠ For OpenWrt 21.02 or lower version 78 | You have to manually upgrade Golang toolchain to [1.21](https://github.com/openwrt/packages/tree/openwrt-23.05/lang/golang) or higher to compile Xray-core. 79 | 80 | 81 | -------------------------------------------------------------------------------- /chinadns-ng/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2023 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=chinadns-ng 8 | PKG_VERSION:=2025.03.27 9 | PKG_RELEASE:=1 10 | 11 | ifeq ($(ARCH),aarch64) 12 | ifeq ($(BOARD),rockchip) 13 | PKG_ARCH:=$(PKG_NAME)+wolfssl@aarch64-linux-musl@generic+v8a@fast+lto 14 | PKG_HASH:=2b3f77f1526da452c1884119dd01176a7964e0d3544b9fc624f67b2a7760613d 15 | else 16 | PKG_ARCH:=$(PKG_NAME)+wolfssl_noasm@aarch64-linux-musl@generic+v8a@fast+lto 17 | PKG_HASH:=0d6f5f742a3c81f907639b5e1ef2b727870f7aafc67010728e88a7968079b9c0 18 | endif 19 | else ifeq ($(ARCH),arm) 20 | # Referred to golang/golang-values.mk 21 | ARM_CPU_FEATURES:=$(word 2,$(subst +,$(space),$(call qstrip,$(CONFIG_CPU_TYPE)))) 22 | ifeq ($(ARM_CPU_FEATURES),) 23 | PKG_ARCH:=$(PKG_NAME)+wolfssl@arm-linux-musleabi@generic+v5t+soft_float@fast+lto 24 | PKG_HASH:=2699f8649897e4b8f16f9abb9e27a8740fcf76284d11500471481bf5fb1c1a2c 25 | else ifneq ($(filter $(ARM_CPU_FEATURES),vfp vfpv2),) 26 | PKG_ARCH:=$(PKG_NAME)+wolfssl@arm-linux-musleabi@generic+v6+soft_float@fast+lto 27 | PKG_HASH:=2d972e864a90d1c5e7c874e8ff1f1229fddc03e869c7be9f3b4bf4347a7f150a 28 | else 29 | PKG_ARCH:=$(PKG_NAME)+wolfssl@arm-linux-musleabihf@generic+v7a@fast+lto 30 | PKG_HASH:=77faf3fea926752e2ab54a4d32b3de1c29ada8e075921a0e5bb219285d34d938 31 | endif 32 | else ifeq ($(ARCH),mips) 33 | PKG_ARCH:=$(PKG_NAME)+wolfssl@mips-linux-musl@mips32+soft_float@fast+lto 34 | PKG_HASH:=b8ae32305069cccf01ef2704633ab326d69bd8ef7cfb71a30722d71e9cd6787e 35 | else ifeq ($(ARCH),mipsel) 36 | ifeq ($(CONFIG_HAS_FPU),) 37 | PKG_ARCH:=$(PKG_NAME)+wolfssl@mipsel-linux-musl@mips32+soft_float@fast+lto 38 | PKG_HASH:=f12ce9b5227fefbf82401bd22379a52f2ec157c7cbe7e7dbdd2c0b2599e3a323 39 | else 40 | PKG_ARCH:=$(PKG_NAME)+wolfssl@mipsel-linux-musl@mips32@fast+lto 41 | PKG_HASH:=7cf942d7fac3cf1f86295ee1af8a724065c6ab6595ca084cbd9f5ecc34e32483 42 | endif 43 | else ifeq ($(ARCH),mips64) 44 | PKG_ARCH:=$(PKG_NAME)+wolfssl@mips64-linux-musl@mips64+soft_float@fast+lto 45 | PKG_HASH:=658d2f46caad44ba731193380b06faaeaa82501766584a6208ec4ff54d9b16e5 46 | else ifeq ($(ARCH),mips64el) 47 | PKG_ARCH:=$(PKG_NAME)+wolfssl@mips64el-linux-musl@mips64+soft_float@fast+lto 48 | PKG_HASH:=f2f5617e0348ef621e2cb41ed6c56d6911ae5d21e68cc9063b69ce99c1f54938 49 | else ifeq ($(ARCH),i386) 50 | ifneq ($(CONFIG_TARGET_x86_geode)$(CONFIG_TARGET_x86_legacy),) 51 | PKG_ARCH:=$(PKG_NAME)+wolfssl@i386-linux-musl@i686@fast+lto 52 | PKG_HASH:=d9d0c3c38ca5b3ac266ae5753a0d87b37f571a6e2a8806699f858ad348afbf5e 53 | else 54 | PKG_ARCH:=$(PKG_NAME)+wolfssl@i386-linux-musl@pentium4@fast+lto 55 | PKG_HASH:=dd54f258239f9b868c67ec4e18de074706f8b852796bfd61178f2cd145d17ff6 56 | endif 57 | else ifeq ($(ARCH),x86_64) 58 | PKG_ARCH:=$(PKG_NAME)+wolfssl@x86_64-linux-musl@x86_64@fast+lto 59 | PKG_HASH:=37b337f1006b85176840f1b82508731a292751d1ee94bb3791578d04d63f856f 60 | else ifeq ($(ARCH),riscv64) 61 | PKG_ARCH:=chinadns-ng+wolfssl@riscv64-linux-musl@baseline_rv64@fast+lto 62 | PKG_HASH:=8bf3e88c78f537595651cb1ad40196c36d4bf5c1796ff70990523784409f8155 63 | else 64 | PKG_ARCH:=dummy 65 | PKG_HASH:=dummy 66 | endif 67 | 68 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(ARCH_PACKAGES) 69 | PKG_SOURCE_URL:=https://github.com/zfl9/chinadns-ng/releases/download/$(PKG_VERSION)/$(PKG_ARCH)? 70 | UNPACK_CMD=$(CP) $(DL_DIR)/$(PKG_SOURCE) $(PKG_BUILD_DIR)/$(PKG_NAME) 71 | 72 | PKG_LICENSE:=AGPL-3.0-only 73 | PKG_LICENSE_FILES:=LICENSE 74 | PKG_MAINTAINER:=Tianling Shen 75 | 76 | include $(INCLUDE_DIR)/package.mk 77 | 78 | define Package/chinadns-ng 79 | SECTION:=net 80 | CATEGORY:=Network 81 | SUBMENU:=IP Addresses and Names 82 | TITLE:=ChinaDNS next generation, refactoring with epoll and ipset. 83 | URL:=https://github.com/zfl9/chinadns-ng 84 | DEPENDS:=@(aarch64||arm||i386||mips||mipsel||mips64||mips64el||riscv64||x86_64) 85 | endef 86 | 87 | define Package/chinadns-ng/description 88 | ChinaDNS Next Generation, refactoring with epoll and ipset. 89 | endef 90 | 91 | define Build/Compile 92 | endef 93 | 94 | define Package/chinadns-ng/install 95 | $(INSTALL_DIR) $(1)/usr/bin 96 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/chinadns-ng $(1)/usr/bin 97 | endef 98 | 99 | $(eval $(call BuildPackage,chinadns-ng)) 100 | -------------------------------------------------------------------------------- /dns2socks-rust/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-2.0-only 2 | # 3 | # Copyright (C) 2017-2024 Zxlhhyccc 4 | # Copyright (C) 2021-2024 ImmortalWrt.org 5 | 6 | include $(TOPDIR)/rules.mk 7 | 8 | PKG_NAME:=dns2socks-rust 9 | PKG_VERSION:=0.2.0 10 | PKG_RELEASE:=1 11 | 12 | PKG_SOURCE_PROTO:=git 13 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 14 | PKG_SOURCE_URL:=https://github.com/tun2proxy/dns2socks.git 15 | PKG_SOURCE_DATE:=2025-03-19 16 | PKG_SOURCE_VERSION:=5f5805bc5eba6530cec27f76860db1e19c1f2382 17 | PKG_MIRROR_HASH:=f45ff9bff184f6eddbc444fc9a0611a47043e3b3422b7c33459bf7e03f37c37e 18 | 19 | PKG_MAINTAINER:=Zxlhhyccc 20 | PKG_LICENSE:=MIT 21 | PKG_LICENSE_FILES:=LICENSE 22 | 23 | PKG_BUILD_PARALLEL:=1 24 | 25 | PKG_BUILD_DEPENDS:=rust/host 26 | PKG_BUILD_PARALLEL:=1 27 | 28 | #RUST_PKG:=dns2socks 29 | 30 | include $(INCLUDE_DIR)/package.mk 31 | include $(TOPDIR)/feeds/packages/lang/rust/rust-package.mk 32 | 33 | define Package/dns2socks-rust 34 | SECTION:=net 35 | CATEGORY:=Network 36 | SUBMENU:=IP Addresses and Names 37 | TITLE:=DNS forwards to SOCKS5 server 38 | URL:=https://github.com/tun2proxy/dns2socks.git 39 | DEPENDS:=$$(RUST_ARCH_DEPENDS) 40 | endef 41 | 42 | define Package/dns2socks-rust/description 43 | This is a DNS server that forwards DNS requests to a SOCKS5 server. 44 | endef 45 | 46 | define Build/Compile 47 | $(call Build/Compile/Cargo,,--all-features) 48 | endef 49 | 50 | define Package/dns2socks-rust/install 51 | $(INSTALL_DIR) $(1)/usr/bin 52 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/target/$(RUSTC_TARGET_ARCH)/release/dns2socks $(1)/usr/bin/dns2socks-rust 53 | endef 54 | 55 | $(eval $(call BuildPackage,dns2socks-rust)) 56 | -------------------------------------------------------------------------------- /dns2socks/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=dns2socks 8 | PKG_VERSION:=2.1 9 | PKG_RELEASE:=2 10 | 11 | PKG_SOURCE:=SourceCode.zip 12 | PKG_SOURCE_URL:=@SF/dns2socks 13 | PKG_SOURCE_DATE:=2020-02-18 14 | PKG_HASH:=406b5003523577d39da66767adfe54f7af9b701374363729386f32f6a3a995f4 15 | 16 | PKG_MAINTAINER:=ghostmaker 17 | PKG_LICENSE:=BSD-3-Clause 18 | PKG_LICENSE_FILE:=LICENSE 19 | 20 | include $(INCLUDE_DIR)/package.mk 21 | 22 | UNZIP_CMD:=unzip -q -d $(PKG_BUILD_DIR) $(DL_DIR)/$(PKG_SOURCE) 23 | 24 | define Package/dns2socks 25 | SECTION:=net 26 | CATEGORY:=Network 27 | SUBMENU:=IP Addresses and Names 28 | TITLE:=DNS to SOCKS or HTTP proxy 29 | URL:=http://dns2socks.sourceforge.net/ 30 | DEPENDS:=+libpthread 31 | endef 32 | 33 | define Package/dns2socks/description 34 | This is a command line utility to resolve DNS requests via 35 | a SOCKS tunnel like Tor or a HTTP proxy. 36 | endef 37 | 38 | define Build/Compile 39 | $(TARGET_CC) \ 40 | $(TARGET_CFLAGS) \ 41 | $(TARGET_CPPFLAGS) \ 42 | $(FPIC) \ 43 | -o $(PKG_BUILD_DIR)/DNS2SOCKS/dns2socks \ 44 | $(PKG_BUILD_DIR)/DNS2SOCKS/DNS2SOCKS.c \ 45 | $(TARGET_LDFLAGS) -pthread 46 | endef 47 | 48 | define Package/dns2socks/install 49 | $(INSTALL_DIR) $(1)/usr/bin 50 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/DNS2SOCKS/dns2socks $(1)/usr/bin/dns2socks 51 | endef 52 | 53 | $(eval $(call BuildPackage,dns2socks)) 54 | -------------------------------------------------------------------------------- /dns2tcp/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2022 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=dns2tcp 8 | PKG_VERSION:=1.1.2 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/zfl9/dns2tcp/tar.gz/v$(PKG_VERSION)? 13 | PKG_HASH:=5e8c6302a1d32c16ae7d4b8e39cd9aad1f2d7e68fe18813e76cb1e48ec5940d2 14 | 15 | PKG_MAINTAINER:=Tianling Shen 16 | PKG_LICENSE:=AGPL-3.0-only 17 | PKG_LICENSE_FILES:=LICENSE 18 | 19 | PKG_BUILD_PARALLEL:=1 20 | PKG_USE_MIPS16:=0 21 | PKG_BUILD_FLAGS:=no-mips16 gc-sections lto 22 | 23 | include $(INCLUDE_DIR)/package.mk 24 | 25 | define Package/dns2tcp 26 | SECTION:=net 27 | CATEGORY:=Network 28 | SUBMENU:=IP Addresses and Names 29 | TITLE:=utility to convert dns query from udp to tcp 30 | URL:=https://github.com/zfl9/dns2tcp 31 | endef 32 | 33 | TARGET_CFLAGS+= $(FPIC) 34 | MAKE_FLAGS+= \ 35 | CFLAGS="-std=c99 $(TARGET_CFLAGS)" \ 36 | EVCFLAGS="$(TARGET_CFLAGS)" 37 | 38 | define Package/dns2tcp/install 39 | $(INSTALL_DIR) $(1)/usr/bin 40 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/dns2tcp $(1)/usr/bin/ 41 | endef 42 | 43 | $(eval $(call BuildPackage,dns2tcp)) 44 | -------------------------------------------------------------------------------- /dnsproxy/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=dnsproxy 8 | PKG_VERSION:=0.75.5 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)? 13 | PKG_HASH:=a01b436cf9a6f94f7dc69536bfd3065bef358ab1be3d52508f697417999aad68 14 | 15 | PKG_MAINTAINER:=Tianling Shen 16 | PKG_LICENSE:=Apache-2.0 17 | PKG_LICENSE_FILES:=LICENSE 18 | 19 | PKG_BUILD_DEPENDS:=golang/host 20 | PKG_BUILD_PARALLEL:=1 21 | PKG_BUILD_FLAGS:=no-mips16 22 | 23 | GO_PKG:=github.com/AdguardTeam/dnsproxy 24 | GO_PKG_LDFLAGS_X:=$(GO_PKG)/internal/version.version=v$(PKG_VERSION) 25 | 26 | include $(INCLUDE_DIR)/package.mk 27 | include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk 28 | 29 | define Package/dnsproxy 30 | SECTION:=net 31 | CATEGORY:=Network 32 | SUBMENU:=IP Addresses and Names 33 | TITLE:=Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support 34 | URL:=https://github.com/AdguardTeam/dnsproxy 35 | DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle 36 | USERID:=dnsproxy=411:dnsproxy=411 37 | endef 38 | 39 | define Package/dnsproxy/description 40 | A simple DNS proxy server that supports all existing DNS protocols including 41 | DNS-over-TLS, DNS-over-HTTPS, DNSCrypt, and DNS-over-QUIC.Moreover, it can 42 | work as a DNS-over-HTTPS, DNS-over-TLS or DNS-over-QUIC server. 43 | endef 44 | 45 | define Package/dnsproxy/install 46 | $(call GoPackage/Package/Install/Bin,$(1)) 47 | endef 48 | 49 | $(eval $(call GoBinPackage,dnsproxy)) 50 | $(eval $(call BuildPackage,dnsproxy)) 51 | -------------------------------------------------------------------------------- /gn/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2022 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=gn 8 | PKG_RELEASE:=1 9 | 10 | PKG_SOURCE_PROTO:=git 11 | PKG_SOURCE_URL:=https://gn.googlesource.com/gn.git 12 | PKG_SOURCE_DATE:=2025-05-27 13 | PKG_SOURCE_VERSION:=a84e399f9999003472192286abc03d752c9cb1f0 14 | PKG_MIRROR_HASH:=a9aacb33c1d98fbc8064165b6e330b5686f6f5c89a9fb4ae13f9f2443b111437 15 | 16 | PKG_LICENSE:=BSD 3-Clause 17 | PKG_LICENSE_FILES:=LICENSE 18 | PKG_MAINTAINER:=Tianling Shen 19 | 20 | PKG_HOST_ONLY:=1 21 | HOST_BUILD_PARALLEL:=1 22 | 23 | include $(INCLUDE_DIR)/host-build.mk 24 | include $(INCLUDE_DIR)/package.mk 25 | 26 | define Package/gn 27 | SECTION:=devel 28 | CATEGORY:=Development 29 | TITLE:=A meta-build system that generates build files for Ninja 30 | URL:=https://gn.googlesource.com/gn/ 31 | BUILDONLY:=1 32 | endef 33 | 34 | define Package/gn/description 35 | GN can generate Ninja build files for C, C++, Rust, Objective C, 36 | and Swift source on most popular platforms. 37 | endef 38 | 39 | define Host/Configure 40 | $(PYTHON) $(HOST_BUILD_DIR)/build/gen.py \ 41 | --no-last-commit-position 42 | endef 43 | 44 | define Host/Compile 45 | +$(NINJA) -C $(HOST_BUILD_DIR)/out 46 | endef 47 | 48 | define Host/Install 49 | $(INSTALL_DIR) $(STAGING_DIR_HOSTPKG)/bin/ 50 | $(INSTALL_BIN) $(HOST_BUILD_DIR)/out/gn $(STAGING_DIR_HOSTPKG)/bin/ 51 | endef 52 | 53 | define Host/Clean 54 | $(RM) $(STAGING_DIR_HOSTPKG)/bin/gn 55 | endef 56 | 57 | $(eval $(call HostBuild)) 58 | $(eval $(call BuildPackage,gn)) 59 | -------------------------------------------------------------------------------- /gn/src/out/last_commit_position.h: -------------------------------------------------------------------------------- 1 | // Generated by build/gen.py. 2 | 3 | #ifndef OUT_LAST_COMMIT_POSITION_H_ 4 | #define OUT_LAST_COMMIT_POSITION_H_ 5 | 6 | #define LAST_COMMIT_POSITION_NUM 2238 7 | #define LAST_COMMIT_POSITION "2238 (a84e399f9999)" 8 | 9 | #endif // OUT_LAST_COMMIT_POSITION_H_ 10 | -------------------------------------------------------------------------------- /hysteria/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=hysteria 8 | PKG_VERSION:=2.6.1 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/apernet/hysteria/tar.gz/app/v$(PKG_VERSION)? 13 | PKG_HASH:=21955752d4a9fcbe42cde9e491421b67144e0070cba184884ad7f8d4ff1f48de 14 | PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-app-v$(PKG_VERSION) 15 | 16 | PKG_LICENSE:=MIT 17 | PKG_LICENSE_FILE:=LICENSE 18 | PKG_MAINTAINER:=Tianling Shen 19 | 20 | PKG_BUILD_DEPENDS:=golang/host 21 | PKG_BUILD_PARALLEL:=1 22 | PKG_USE_MIPS16:=0 23 | PKG_BUILD_FLAGS:=no-mips16 24 | 25 | GO_PKG:=github.com/apernet/hysteria 26 | GO_PKG_BUILD_PKG:=$(GO_PKG)/app/v2 27 | GO_PKG_LDFLAGS_X = \ 28 | $(GO_PKG)/app/v2/cmd.appVersion=v$(PKG_VERSION) \ 29 | $(GO_PKG)/app/v2/cmd.appType=release \ 30 | $(GO_PKG)/app/v2/cmd.appPlatform=$(GO_OS) \ 31 | $(GO_PKG)/app/v2/cmd.appArch=$(GO_ARCH) 32 | 33 | include $(INCLUDE_DIR)/package.mk 34 | include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk 35 | 36 | define Package/hysteria 37 | SECTION:=net 38 | CATEGORY:=Network 39 | TITLE:=A feature-packed network utility optimized for networks of poor quality 40 | URL:=https://github.com/apernet/hysteria 41 | DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle 42 | endef 43 | 44 | define Package/hysteria/description 45 | Hysteria is a feature-packed network utility optimized for networks 46 | of poor quality (e.g. satellite connections, congested public Wi-Fi, 47 | connecting from China to servers abroad) powered by a custom version 48 | of QUIC protocol. 49 | endef 50 | 51 | define Package/hysteria/install 52 | $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR)) 53 | 54 | $(INSTALL_DIR) $(1)/usr/bin/ 55 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/app $(1)/usr/bin/hysteria 56 | endef 57 | 58 | $(eval $(call GoBinPackage,hysteria)) 59 | $(eval $(call BuildPackage,hysteria)) 60 | -------------------------------------------------------------------------------- /ipt2socks/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=ipt2socks 8 | PKG_VERSION:=1.1.4 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/zfl9/ipt2socks/tar.gz/v$(PKG_VERSION)? 13 | PKG_HASH:=68dc76e63951d655c2fd9b420e175b5a75a50014d6db6e729398b41f2c988356 14 | 15 | PKG_BUILD_PARALLEL:=1 16 | PKG_USE_MIPS16:=0 17 | PKG_BUILD_FLAGS:=no-mips16 18 | 19 | PKG_LICENSE:=AGPL-3.0 20 | PKG_LICENSE_FILE:=LICENSE 21 | 22 | include $(INCLUDE_DIR)/package.mk 23 | 24 | define Package/ipt2socks 25 | SECTION:=net 26 | CATEGORY:=Network 27 | TITLE:=Convert iptables to socks5 28 | URL:=https://github.com/zfl9/ipt2socks 29 | DEPENDS:=+libpthread 30 | endef 31 | 32 | define Package/ipt2socks/description 33 | Utility for converting iptables (redirect/tproxy) to socks5. 34 | endef 35 | 36 | TARGET_CFLAGS+= $(FPIC) -flto 37 | MAKE_FLAGS+= \ 38 | CFLAGS="-std=c99 -pthread $(TARGET_CFLAGS)" \ 39 | EVCFLAGS="$(TARGET_CFLAGS)" 40 | 41 | define Package/ipt2socks/install 42 | $(INSTALL_DIR) $(1)/usr/bin 43 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/ipt2socks $(1)/usr/bin 44 | endef 45 | 46 | $(eval $(call BuildPackage,ipt2socks)) 47 | -------------------------------------------------------------------------------- /lua-neturl/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2022-2023 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=neturl 8 | PKG_REAL_VERSION:=1.2-1 9 | PKG_VERSION:=$(subst -,.,$(PKG_REAL_VERSION)) 10 | PKG_RELEASE:=1 11 | 12 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_REAL_VERSION).tar.gz 13 | PKG_SOURCE_URL:=https://codeload.github.com/golgote/neturl/tar.gz/v$(PKG_REAL_VERSION)? 14 | PKG_HASH:=fc4ea1b114125ae821bef385936cd12429485204576e77b6283692bd0cc9b1ab 15 | PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_REAL_VERSION) 16 | 17 | PKG_MAINTAINER:=Tianling Shen 18 | PKG_LICENSE:=MIT 19 | PKG_LICNESE_FILES:=LICENSE.txt 20 | 21 | include $(INCLUDE_DIR)/package.mk 22 | 23 | define Package/lua-neturl 24 | SUBMENU:=Lua 25 | SECTION:=lang 26 | CATEGORY:=Languages 27 | TITLE:=URL and Query string parser, builder, normalizer for Lua 28 | URL:=https://github.com/golgote/neturl 29 | DEPENDS:=+lua 30 | PKGARCH:=all 31 | endef 32 | 33 | define Package/lua-neturl/description 34 | This small Lua library provides a few functions to parse URL with 35 | querystring and build new URL easily. 36 | endef 37 | 38 | define Build/Compile 39 | endef 40 | 41 | define Package/lua-neturl/install 42 | $(INSTALL_DIR) $(1)/usr/lib/lua 43 | $(CP) $(PKG_BUILD_DIR)/lib/net/url.lua $(1)/usr/lib/lua/ 44 | endef 45 | 46 | $(eval $(call BuildPackage,lua-neturl)) 47 | -------------------------------------------------------------------------------- /lua-neturl/patches/010-userinfo-regex.patch: -------------------------------------------------------------------------------- 1 | --- a/lib/net/url.lua 2 | +++ b/lib/net/url.lua 3 | @@ -340,7 +340,7 @@ function M:setAuthority(authority) 4 | self.password = v 5 | return '' 6 | end) 7 | - if string.find(userinfo, "^[%w%+%.]+$") then 8 | + if string.find(userinfo, "^[%p%w%+%.]+$") then 9 | self.user = userinfo 10 | else 11 | -- incorrect userinfo 12 | @@ -369,7 +369,7 @@ function M.parse(url) 13 | comp.fragment = v 14 | return '' 15 | end) 16 | - url =url:gsub('^([%w][%w%+%-%.]*)%:', function(v) 17 | + url =url:gsub('^([%w][%w%+%-%_%.]*)%:', function(v) 18 | comp.scheme = v:lower() 19 | return '' 20 | end) 21 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/control.lua: -------------------------------------------------------------------------------- 1 | require "luci.ip" 2 | require "nixio.fs" 3 | require "luci.sys" 4 | local m, s, o 5 | 6 | local function is_finded(e) 7 | return luci.sys.exec(string.format('type -t -p "%s" 2>/dev/null', e)) ~= "" 8 | end 9 | 10 | m = Map("shadowsocksr") 11 | 12 | s = m:section(TypedSection, "access_control") 13 | s.anonymous = true 14 | 15 | -- Interface control 16 | s:tab("Interface", translate("Interface control")) 17 | o = s:taboption("Interface", DynamicList, "Interface", translate("Interface")) 18 | o.template = "cbi/network_netlist" 19 | o.widget = "checkbox" 20 | o.nocreate = true 21 | o.unspecified = true 22 | o.description = translate("Listen only on the given interface or, if unspecified, on all") 23 | 24 | -- Part of WAN 25 | s:tab("wan_ac", translate("WAN IP AC")) 26 | 27 | o = s:taboption("wan_ac", DynamicList, "wan_bp_ips", translate("WAN White List IP")) 28 | o.datatype = "ip4addr" 29 | 30 | o = s:taboption("wan_ac", DynamicList, "wan_fw_ips", translate("WAN Force Proxy IP")) 31 | o.datatype = "ip4addr" 32 | 33 | -- Part of LAN 34 | s:tab("lan_ac", translate("LAN IP AC")) 35 | 36 | o = s:taboption("lan_ac", ListValue, "lan_ac_mode", translate("LAN Access Control")) 37 | o:value("0", translate("Disable")) 38 | o:value("w", translate("Allow listed only")) 39 | o:value("b", translate("Allow all except listed")) 40 | o.rmempty = false 41 | 42 | o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Host List")) 43 | o.datatype = "ipaddr" 44 | luci.ip.neighbors({family = 4}, function(entry) 45 | if entry.reachable then 46 | o:value(entry.dest:string()) 47 | end 48 | end) 49 | o:depends("lan_ac_mode", "w") 50 | o:depends("lan_ac_mode", "b") 51 | 52 | o = s:taboption("lan_ac", DynamicList, "lan_bp_ips", translate("LAN Bypassed Host List")) 53 | o.datatype = "ipaddr" 54 | luci.ip.neighbors({family = 4}, function(entry) 55 | if entry.reachable then 56 | o:value(entry.dest:string()) 57 | end 58 | end) 59 | 60 | o = s:taboption("lan_ac", DynamicList, "lan_fp_ips", translate("LAN Force Proxy Host List")) 61 | o.datatype = "ipaddr" 62 | luci.ip.neighbors({family = 4}, function(entry) 63 | if entry.reachable then 64 | o:value(entry.dest:string()) 65 | end 66 | end) 67 | 68 | o = s:taboption("lan_ac", DynamicList, "lan_gm_ips", translate("Game Mode Host List")) 69 | o.datatype = "ipaddr" 70 | luci.ip.neighbors({family = 4}, function(entry) 71 | if entry.reachable then 72 | o:value(entry.dest:string()) 73 | end 74 | end) 75 | 76 | -- Part of Self 77 | -- s:tab("self_ac", translate("Router Self AC")) 78 | -- o = s:taboption("self_ac",ListValue, "router_proxy", translate("Router Self Proxy")) 79 | -- o:value("1", translatef("Normal Proxy")) 80 | -- o:value("0", translatef("Bypassed Proxy")) 81 | -- o:value("2", translatef("Forwarded Proxy")) 82 | -- o.rmempty = false 83 | 84 | s:tab("esc", translate("Bypass Domain List")) 85 | local escconf = "/etc/ssrplus/white.list" 86 | o = s:taboption("esc", TextValue, "escconf") 87 | o.rows = 13 88 | o.wrap = "off" 89 | o.rmempty = true 90 | o.cfgvalue = function(self, section) 91 | return nixio.fs.readfile(escconf) or "" 92 | end 93 | o.write = function(self, section, value) 94 | nixio.fs.writefile(escconf, value:gsub("\r\n", "\n")) 95 | end 96 | o.remove = function(self, section, value) 97 | nixio.fs.writefile(escconf, "") 98 | end 99 | 100 | s:tab("block", translate("Black Domain List")) 101 | local blockconf = "/etc/ssrplus/black.list" 102 | o = s:taboption("block", TextValue, "blockconf") 103 | o.rows = 13 104 | o.wrap = "off" 105 | o.rmempty = true 106 | o.cfgvalue = function(self, section) 107 | return nixio.fs.readfile(blockconf) or " " 108 | end 109 | o.write = function(self, section, value) 110 | nixio.fs.writefile(blockconf, value:gsub("\r\n", "\n")) 111 | end 112 | o.remove = function(self, section, value) 113 | nixio.fs.writefile(blockconf, "") 114 | end 115 | 116 | s:tab("denydomain", translate("Deny Domain List")) 117 | local denydomainconf = "/etc/ssrplus/deny.list" 118 | o = s:taboption("denydomain", TextValue, "denydomainconf") 119 | o.rows = 13 120 | o.wrap = "off" 121 | o.rmempty = true 122 | o.cfgvalue = function(self, section) 123 | return nixio.fs.readfile(denydomainconf) or " " 124 | end 125 | o.write = function(self, section, value) 126 | nixio.fs.writefile(denydomainconf, value:gsub("\r\n", "\n")) 127 | end 128 | o.remove = function(self, section, value) 129 | nixio.fs.writefile(denydomainconf, "") 130 | end 131 | 132 | s:tab("netflix", translate("Netflix Domain List")) 133 | local netflixconf = "/etc/ssrplus/netflix.list" 134 | o = s:taboption("netflix", TextValue, "netflixconf") 135 | o.rows = 13 136 | o.wrap = "off" 137 | o.rmempty = true 138 | o.cfgvalue = function(self, section) 139 | return nixio.fs.readfile(netflixconf) or " " 140 | end 141 | o.write = function(self, section, value) 142 | nixio.fs.writefile(netflixconf, value:gsub("\r\n", "\n")) 143 | end 144 | o.remove = function(self, section, value) 145 | nixio.fs.writefile(netflixconf, "") 146 | end 147 | 148 | if is_finded("dnsproxy") then 149 | s:tab("dnsproxy", translate("Dnsproxy Parse List")) 150 | local dnsproxyconf = "/etc/ssrplus/dnsproxy_dns.list" 151 | o = s:taboption("dnsproxy", TextValue, "dnsproxyconf", "", "" .. translate("Specifically for edit dnsproxy DNS parse files.") .. "") 152 | o.rows = 13 153 | o.wrap = "off" 154 | o.rmempty = true 155 | o.cfgvalue = function(self, section) 156 | return nixio.fs.readfile(dnsproxyconf) or " " 157 | end 158 | o.write = function(self, section, value) 159 | nixio.fs.writefile(dnsproxyconf, value:gsub("\r\n", "\n")) 160 | end 161 | o.remove = function(self, section, value) 162 | nixio.fs.writefile(dnsproxyconf, "") 163 | end 164 | end 165 | 166 | if luci.sys.call('[ -f "/www/luci-static/resources/uci.js" ]') == 0 then 167 | m.apply_on_parse = true 168 | function m.on_apply(self) 169 | luci.sys.call("/etc/init.d/shadowsocksr reload > /dev/null 2>&1 &") 170 | end 171 | end 172 | 173 | return m 174 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/log.lua: -------------------------------------------------------------------------------- 1 | require "luci.util" 2 | require "nixio.fs" 3 | require "luci.sys" 4 | require "luci.http" 5 | 6 | f = SimpleForm("logview") 7 | f.reset = false 8 | f.submit = false 9 | f:append(Template("shadowsocksr/log")) 10 | 11 | -- 自定义 log 函数 12 | function log(...) 13 | local result = os.date("%Y-%m-%d %H:%M:%S: ") .. table.concat({...}, " ") 14 | local f, err = io.open("/var/log/ssrplus.log", "a") 15 | if f and err == nil then 16 | f:write(result .. "\n") 17 | f:close() 18 | end 19 | end 20 | 21 | -- 创建备份与恢复表单 22 | fb = SimpleForm('backup-restore') 23 | fb.reset = false 24 | fb.submit = false 25 | s = fb:section(SimpleSection, translate("Backup and Restore"), translate("Backup or Restore Client and Server Configurations.") .. 26 | "
" .. 27 | translate("Note: Restoring configurations across different versions may cause compatibility issues.") .. 28 | "") 29 | s.anonymous = true 30 | s:append(Template("shadowsocksr/backup_restore")) 31 | 32 | -- 定义备份目标文件和目录 33 | local backup_targets = { 34 | files = { 35 | "/etc/config/shadowsocksr" 36 | }, 37 | dirs = { 38 | "/etc/ssrplus" 39 | } 40 | } 41 | 42 | local file_path = '/tmp/shadowsocksr_upload.tar.gz' 43 | local temp_dir = '/tmp/shadowsocksr_bak' 44 | local fd 45 | 46 | -- 处理文件上传 47 | luci.http.setfilehandler(function(meta, chunk, eof) 48 | if not fd and meta and meta.name == "ulfile" and chunk then 49 | -- 初始化上传处理 50 | luci.sys.call("rm -rf " .. temp_dir) 51 | nixio.fs.remove(file_path) 52 | fd = nixio.open(file_path, "w") 53 | luci.sys.call("echo '' > /var/log/ssrplus.log") 54 | end 55 | 56 | if fd and chunk then 57 | fd:write(chunk) 58 | end 59 | 60 | if eof and fd then 61 | fd:close() 62 | fd = nil 63 | if nixio.fs.access(file_path) then 64 | log(" * shadowsocksr 配置文件上传成功…") -- 使用自定义的 log 函数 65 | luci.sys.call("mkdir -p " .. temp_dir) 66 | 67 | if luci.sys.call("tar -xzf " .. file_path .. " -C " .. temp_dir) == 0 then 68 | -- 处理文件还原 69 | for _, target in ipairs(backup_targets.files) do 70 | local temp_file = temp_dir .. target 71 | if nixio.fs.access(temp_file) then 72 | luci.sys.call(string.format("cp -f '%s' '%s'", temp_file, target)) 73 | log(" * 文件 " .. target .. " 还原成功…") -- 使用自定义的 log 函数 74 | end 75 | end 76 | 77 | -- 处理目录还原 78 | for _, target in ipairs(backup_targets.dirs) do 79 | local temp_dir_path = temp_dir .. target 80 | if nixio.fs.access(temp_dir_path) then 81 | luci.sys.call(string.format("cp -rf '%s'/* '%s/'", temp_dir_path, target)) 82 | log(" * 目录 " .. target .. " 还原成功…") -- 使用自定义的 log 函数 83 | end 84 | end 85 | 86 | log(" * shadowsocksr 配置还原成功…") -- 使用自定义的 log 函数 87 | log(" * 重启 shadowsocksr 服务中…\n") -- 使用自定义的 log 函数 88 | luci.sys.call('/etc/init.d/shadowsocksr restart > /dev/null 2>&1 &') 89 | else 90 | log(" * shadowsocksr 配置文件解压失败,请重试!") -- 使用自定义的 log 函数 91 | end 92 | else 93 | log(" * shadowsocksr 配置文件上传失败,请重试!") -- 使用自定义的 log 函数 94 | end 95 | 96 | -- 清理临时文件 97 | luci.sys.call("rm -rf " .. temp_dir) 98 | nixio.fs.remove(file_path) 99 | end 100 | end) 101 | 102 | return f, fb 103 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server-config.lua: -------------------------------------------------------------------------------- 1 | -- Copyright (C) 2017 yushi studio 2 | -- Licensed to the public under the GNU General Public License v3. 3 | require "luci.http" 4 | require "luci.dispatcher" 5 | require "nixio.fs" 6 | 7 | local m, s, o 8 | local sid = arg[1] 9 | 10 | local encrypt_methods = { 11 | "rc4-md5", 12 | "rc4-md5-6", 13 | "rc4", 14 | "table", 15 | "aes-128-cfb", 16 | "aes-192-cfb", 17 | "aes-256-cfb", 18 | "aes-128-ctr", 19 | "aes-192-ctr", 20 | "aes-256-ctr", 21 | "bf-cfb", 22 | "camellia-128-cfb", 23 | "camellia-192-cfb", 24 | "camellia-256-cfb", 25 | "cast5-cfb", 26 | "des-cfb", 27 | "idea-cfb", 28 | "rc2-cfb", 29 | "seed-cfb", 30 | "salsa20", 31 | "chacha20", 32 | "chacha20-ietf" 33 | } 34 | 35 | local encrypt_methods_ss = { 36 | -- aead 37 | "aes-128-gcm", 38 | "aes-192-gcm", 39 | "aes-256-gcm", 40 | "chacha20-ietf-poly1305", 41 | "xchacha20-ietf-poly1305", 42 | -- aead 2022 43 | "2022-blake3-aes-128-gcm", 44 | "2022-blake3-aes-256-gcm", 45 | "2022-blake3-chacha20-poly1305" 46 | --[[ stream 47 | "table", 48 | "rc4", 49 | "rc4-md5", 50 | "aes-128-cfb", 51 | "aes-192-cfb", 52 | "aes-256-cfb", 53 | "aes-128-ctr", 54 | "aes-192-ctr", 55 | "aes-256-ctr", 56 | "bf-cfb", 57 | "camellia-128-cfb", 58 | "camellia-192-cfb", 59 | "camellia-256-cfb", 60 | "salsa20", 61 | "chacha20", 62 | "chacha20-ietf" ]] 63 | } 64 | 65 | local protocol = {"origin"} 66 | 67 | obfs = {"plain", "http_simple", "http_post"} 68 | 69 | m = Map("shadowsocksr", translate("Edit ShadowSocksR Server")) 70 | 71 | m.redirect = luci.dispatcher.build_url("admin/services/shadowsocksr/server") 72 | if m.uci:get("shadowsocksr", sid) ~= "server_config" then 73 | luci.http.redirect(m.redirect) 74 | return 75 | end 76 | 77 | -- [[ Server Setting ]]-- 78 | s = m:section(NamedSection, sid, "server_config") 79 | s.anonymous = true 80 | s.addremove = false 81 | 82 | o = s:option(Flag, "enable", translate("Enable")) 83 | o.default = 1 84 | o.rmempty = false 85 | 86 | o = s:option(ListValue, "type", translate("Server Type")) 87 | o:value("socks5", translate("Socks5")) 88 | if nixio.fs.access("/usr/bin/ssserver") or nixio.fs.access("/usr/bin/ss-server") then 89 | o:value("ss", translate("ShadowSocks")) 90 | end 91 | if nixio.fs.access("/usr/bin/ssr-server") then 92 | o:value("ssr", translate("ShadowsocksR")) 93 | end 94 | o.default = "socks5" 95 | 96 | o = s:option(Value, "server_port", translate("Server Port")) 97 | o.datatype = "port" 98 | math.randomseed(tostring(os.time()):reverse():sub(1, 7)) 99 | o.default = math.random(10240, 20480) 100 | o.rmempty = false 101 | o.description = translate("warning! Please do not reuse the port!") 102 | 103 | o = s:option(Value, "timeout", translate("Connection Timeout")) 104 | o.datatype = "uinteger" 105 | o.default = 60 106 | o.rmempty = false 107 | o:depends("type", "ss") 108 | o:depends("type", "ssr") 109 | 110 | o = s:option(Value, "username", translate("Username")) 111 | o.rmempty = false 112 | o:depends("type", "socks5") 113 | 114 | o = s:option(Value, "password", translate("Password")) 115 | o.password = true 116 | o.rmempty = false 117 | 118 | o = s:option(ListValue, "encrypt_method", translate("Encrypt Method")) 119 | for _, v in ipairs(encrypt_methods) do 120 | o:value(v) 121 | end 122 | o.rmempty = false 123 | o:depends("type", "ssr") 124 | 125 | o = s:option(ListValue, "encrypt_method_ss", translate("Encrypt Method")) 126 | for _, v in ipairs(encrypt_methods_ss) do 127 | o:value(v) 128 | end 129 | o.rmempty = false 130 | o:depends("type", "ss") 131 | 132 | o = s:option(ListValue, "protocol", translate("Protocol")) 133 | for _, v in ipairs(protocol) do 134 | o:value(v) 135 | end 136 | o.rmempty = false 137 | o:depends("type", "ssr") 138 | 139 | o = s:option(ListValue, "obfs", translate("Obfs")) 140 | for _, v in ipairs(obfs) do 141 | o:value(v) 142 | end 143 | o.rmempty = false 144 | o:depends("type", "ssr") 145 | 146 | o = s:option(Value, "obfs_param", translate("Obfs param (optional)")) 147 | o:depends("type", "ssr") 148 | 149 | o = s:option(Flag, "fast_open", translate("TCP Fast Open")) 150 | o.rmempty = false 151 | o:depends("type", "ss") 152 | o:depends("type", "ssr") 153 | 154 | return m 155 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/server.lua: -------------------------------------------------------------------------------- 1 | -- Copyright (C) 2017 yushi studio 2 | -- Licensed to the public under the GNU General Public License v3. 3 | require "luci.http" 4 | require "luci.dispatcher" 5 | local m, sec, o 6 | local encrypt_methods = { 7 | "table", 8 | "rc4", 9 | "rc4-md5", 10 | "rc4-md5-6", 11 | "aes-128-cfb", 12 | "aes-192-cfb", 13 | "aes-256-cfb", 14 | "aes-128-ctr", 15 | "aes-192-ctr", 16 | "aes-256-ctr", 17 | "bf-cfb", 18 | "camellia-128-cfb", 19 | "camellia-192-cfb", 20 | "camellia-256-cfb", 21 | "cast5-cfb", 22 | "des-cfb", 23 | "idea-cfb", 24 | "rc2-cfb", 25 | "seed-cfb", 26 | "salsa20", 27 | "chacha20", 28 | "chacha20-ietf" 29 | } 30 | 31 | local encrypt_methods_ss = { 32 | -- aead 33 | "aes-128-gcm", 34 | "aes-192-gcm", 35 | "aes-256-gcm", 36 | "chacha20-ietf-poly1305", 37 | "xchacha20-ietf-poly1305", 38 | -- aead 2022 39 | "2022-blake3-aes-128-gcm", 40 | "2022-blake3-aes-256-gcm", 41 | "2022-blake3-chacha20-poly1305" 42 | --[[ stream 43 | "table", 44 | "rc4", 45 | "rc4-md5", 46 | "aes-128-cfb", 47 | "aes-192-cfb", 48 | "aes-256-cfb", 49 | "aes-128-ctr", 50 | "aes-192-ctr", 51 | "aes-256-ctr", 52 | "bf-cfb", 53 | "camellia-128-cfb", 54 | "camellia-192-cfb", 55 | "camellia-256-cfb", 56 | "salsa20", 57 | "chacha20", 58 | "chacha20-ietf" ]] 59 | } 60 | 61 | local protocol = { 62 | "origin", 63 | "verify_deflate", 64 | "auth_sha1_v4", 65 | "auth_aes128_sha1", 66 | "auth_aes128_md5", 67 | "auth_chain_a" 68 | } 69 | 70 | obfs = { 71 | "plain", 72 | "http_simple", 73 | "http_post", 74 | "random_head", 75 | "tls1.2_ticket_auth", 76 | "tls1.2_ticket_fastauth" 77 | } 78 | 79 | m = Map("shadowsocksr") 80 | -- [[ Global Setting ]]-- 81 | sec = m:section(TypedSection, "server_global", translate("Global Setting")) 82 | sec.anonymous = true 83 | 84 | o = sec:option(Flag, "enable_server", translate("Enable Server")) 85 | o.rmempty = false 86 | 87 | -- [[ Server Setting ]]-- 88 | sec = m:section(TypedSection, "server_config", translate("Server Setting")) 89 | sec.anonymous = true 90 | sec.addremove = true 91 | sec.template = "cbi/tblsection" 92 | sec.extedit = luci.dispatcher.build_url("admin/services/shadowsocksr/server/%s") 93 | function sec.create(...) 94 | local sid = TypedSection.create(...) 95 | if sid then 96 | luci.http.redirect(sec.extedit % sid) 97 | return 98 | end 99 | end 100 | 101 | o = sec:option(Flag, "enable", translate("Enable")) 102 | function o.cfgvalue(...) 103 | return Value.cfgvalue(...) or translate("0") 104 | end 105 | o.rmempty = false 106 | 107 | o = sec:option(DummyValue, "type", translate("Server Type")) 108 | function o.cfgvalue(...) 109 | return Value.cfgvalue(...) or "ss" 110 | end 111 | 112 | o = sec:option(DummyValue, "server_port", translate("Server Port")) 113 | function o.cfgvalue(...) 114 | return Value.cfgvalue(...) or "-" 115 | end 116 | 117 | o = sec:option(DummyValue, "username", translate("Username")) 118 | function o.cfgvalue(...) 119 | return Value.cfgvalue(...) or "-" 120 | end 121 | 122 | o = sec:option(DummyValue, "encrypt_method", translate("Encrypt Method")) 123 | function o.cfgvalue(self, section) 124 | local method = self.map:get(section, "encrypt_method") or self.map:get(section, "encrypt_method_ss") 125 | return method and method:upper() or "-" 126 | end 127 | 128 | o = sec:option(DummyValue, "protocol", translate("Protocol")) 129 | function o.cfgvalue(...) 130 | return Value.cfgvalue(...) or "-" 131 | end 132 | 133 | o = sec:option(DummyValue, "obfs", translate("Obfs")) 134 | function o.cfgvalue(...) 135 | return Value.cfgvalue(...) or "-" 136 | end 137 | 138 | return m 139 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/backup_restore.htm: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | 5 |
6 |
7 | 8 |
9 | 10 |
11 | 12 |
13 |
14 | 15 |
16 | 17 |
18 | 19 |
20 |
21 | 22 | 37 | 38 | 75 | 76 | 153 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/certupload.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | 3 | 4 | <%+cbi/valuefooter%> 5 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/check.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | 27 | 28 | <%=self.value%> 29 | <%+cbi/valuefooter%> 30 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/checkport.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | 23 | 24 | <%=self.value%> 25 | <%+cbi/valuefooter%> 26 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/log.htm: -------------------------------------------------------------------------------- 1 | <% 2 | local dsp = require "luci.dispatcher" 3 | -%> 4 | 34 |
35 | 36 | 37 |
38 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/ping.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | -- ms 3 | <%+cbi/valuefooter%> 4 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/refresh.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | 35 | 36 | <%=self.value%> 37 | <%+cbi/valuefooter%> 38 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/reset.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | 23 | 24 | 25 | <%+cbi/valuefooter%> 26 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm: -------------------------------------------------------------------------------- 1 | <%# 2 | Copyright 2018-2019 Lienol 3 | Licensed to the public under the Apache License 2.0. 4 | -%> 5 | 159 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/socket.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | wait 3 | 4 | 5 | 6 | <%+cbi/valuefooter%> 7 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/status.htm: -------------------------------------------------------------------------------- 1 | 17 | 18 |
19 |

20 | <%:Collecting data...%> 21 |

22 |
23 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/luasrc/view/shadowsocksr/subscribe.htm: -------------------------------------------------------------------------------- 1 | <%+cbi/valueheader%> 2 | 16 | 17 | 18 | <%+cbi/valuefooter%> 19 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/po/zh-cn: -------------------------------------------------------------------------------- 1 | zh_Hans -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/config/shadowsocksr: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fw876/helloworld/2b64d6534db231e786774dd8c27c7ad562c17eef/luci-app-ssr-plus/root/etc/config/shadowsocksr -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/ssrplus/ad.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fw876/helloworld/2b64d6534db231e786774dd8c27c7ad562c17eef/luci-app-ssr-plus/root/etc/ssrplus/ad.conf -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/ssrplus/black.list: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fw876/helloworld/2b64d6534db231e786774dd8c27c7ad562c17eef/luci-app-ssr-plus/root/etc/ssrplus/black.list -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/ssrplus/deny.list: -------------------------------------------------------------------------------- 1 | gvod.aiseejapp.atianqi.com 2 | stat.pandora.xiaomi.com 3 | upgrade.mishop.pandora.xiaomi.com 4 | logonext.tv.kuyun.com 5 | config.kuyun.com 6 | mishop.pandora.xiaomi.com 7 | dvb.pandora.xiaomi.com 8 | api.ad.xiaomi.com 9 | de.pandora.xiaomi.com 10 | data.mistat.xiaomi.com 11 | jellyfish.pandora.xiaomi.com 12 | gallery.pandora.xiaomi.com 13 | o2o.api.xiaomi.com 14 | bss.pandora.xiaomi.com -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/ssrplus/dnsproxy_dns.list: -------------------------------------------------------------------------------- 1 | # cloudflare-dns.com 2 | sdns://AgcAAAAAAAAADjEwNC4xNi4yNDkuMjQ5ABJjbG91ZGZsYXJlLWRucy5jb20KL2Rucy1xdWVyeQ 3 | # Google 4 | sdns://AgUAAAAAAAAABzguOC40LjQgsKKKE4EwvtIbNjGjagI2607EdKSVHowYZtyvD9iPrkkHOC44LjQuNAovZG5zLXF1ZXJ5 5 | # dns.sb 6 | sdns://AgcAAAAAAAAADzE4NS4yMjIuMjIyLjIyMiAOp5Svj-oV-Fz-65-8H2VKHLKJ0egmfEgrdPeAQlUFFA8xODUuMjIyLjIyMi4yMjIKL2Rucy1xdWVyeQ 7 | # Quad9 8 | sdns://AgMAAAAAAAAADTE0OS4xMTIuMTEyLjkgsBkgdEu7dsmrBT4B4Ht-BQ5HPSD3n3vqQ1-v5DydJC8SZG5zOS5xdWFkOS5uZXQ6NDQzCi9kbnMtcXVlcnk 9 | sdns://AQMAAAAAAAAADDkuOS45Ljk6ODQ0MyBnyEe4yHWM0SAkVUO-dWdG3zTfHYTAC4xHA2jfgh2GPhkyLmRuc2NyeXB0LWNlcnQucXVhZDkubmV0 10 | # AdGuard 11 | sdns://AQMAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20 12 | # Cloudflare 13 | sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk 14 | # TWNIC-101 15 | sdns://AgcAAAAAAAAAACC2vD25TAYM7EnyCH8Xw1-0g5OccnTsGH9vQUUH0njRtAxkbnMudHduaWMudHcKL2Rucy1xdWVyeQ 16 | # cs-tx 17 | sdns://AQYAAAAAAAAADTIwOS41OC4xNDcuMzYgMTNyrVlWMsJBa4cvCY-FG925ZShMbL6aTxkJZDDbqVoeMi5kbnNjcnlwdC1jZXJ0LmNyeXB0b3N0b3JtLmlz 18 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/ssrplus/gfw_base.conf: -------------------------------------------------------------------------------- 1 | ipset=/91smartyun.pt/gfwlist 2 | ipset=/adobe.com/gfwlist 3 | ipset=/amazonaws.com/gfwlist 4 | ipset=/ampproject.org/gfwlist 5 | ipset=/apple.news/gfwlist 6 | ipset=/aws.amazon.com/gfwlist 7 | ipset=/azureedge.net/gfwlist 8 | ipset=/backpackers.com.tw/gfwlist 9 | ipset=/bitfinex.com/gfwlist 10 | ipset=/buzzfeed.com/gfwlist 11 | ipset=/clockwise.ee/gfwlist 12 | ipset=/cloudfront.net/gfwlist 13 | ipset=/coindesk.com/gfwlist 14 | ipset=/coinsquare.io/gfwlist 15 | ipset=/cryptocompare.com/gfwlist 16 | ipset=/dropboxstatic.com/gfwlist 17 | ipset=/eurecom.fr/gfwlist 18 | ipset=/gdax.com/gfwlist 19 | ipset=/github.com/gfwlist 20 | ipset=/kknews.cc/gfwlist 21 | ipset=/nutaq.com/gfwlist 22 | ipset=/openairinterface.org/gfwlist 23 | ipset=/skype.com/gfwlist 24 | ipset=/sublimetext.com/gfwlist 25 | ipset=/textnow.com/gfwlist 26 | ipset=/textnow.me/gfwlist 27 | ipset=/trouter.io/gfwlist 28 | ipset=/t66y.com/gfwlist 29 | ipset=/uploaded.net/gfwlist 30 | ipset=/whatsapp.com/gfwlist 31 | ipset=/whatsapp.net/gfwlist 32 | ipset=/wsj.net/gfwlist 33 | ipset=/google.com/gfwlist 34 | ipset=/google.com.hk/gfwlist 35 | ipset=/gstatic.com/gfwlist 36 | ipset=/googleusercontent.com/gfwlist 37 | ipset=/googlepages.com/gfwlist 38 | ipset=/googlevideo.com/gfwlist 39 | ipset=/googlecode.com/gfwlist 40 | ipset=/googleapis.com/gfwlist 41 | ipset=/googlesource.com/gfwlist 42 | ipset=/googledrive.com/gfwlist 43 | ipset=/ggpht.com/gfwlist 44 | ipset=/youtube.com/gfwlist 45 | ipset=/youtu.be/gfwlist 46 | ipset=/ytimg.com/gfwlist 47 | ipset=/twitter.com/gfwlist 48 | ipset=/facebook.com/gfwlist 49 | ipset=/fastly.net/gfwlist 50 | ipset=/akamai.net/gfwlist 51 | ipset=/akamaiedge.net/gfwlist 52 | ipset=/akamaihd.net/gfwlist 53 | ipset=/edgesuite.net/gfwlist 54 | ipset=/edgekey.net/gfwlist 55 | server=/91smartyun.pt/127.0.0.1#5335 56 | server=/adobe.com/127.0.0.1#5335 57 | server=/amazonaws.com/127.0.0.1#5335 58 | server=/ampproject.org/127.0.0.1#5335 59 | server=/apple.news/127.0.0.1#5335 60 | server=/aws.amazon.com/127.0.0.1#5335 61 | server=/azureedge.net/127.0.0.1#5335 62 | server=/backpackers.com.tw/127.0.0.1#5335 63 | server=/bitfinex.com/127.0.0.1#5335 64 | server=/buzzfeed.com/127.0.0.1#5335 65 | server=/clockwise.ee/127.0.0.1#5335 66 | server=/cloudfront.net/127.0.0.1#5335 67 | server=/coindesk.com/127.0.0.1#5335 68 | server=/coinsquare.io/127.0.0.1#5335 69 | server=/cryptocompare.com/127.0.0.1#5335 70 | server=/dropboxstatic.com/127.0.0.1#5335 71 | server=/eurecom.fr/127.0.0.1#5335 72 | server=/gdax.com/127.0.0.1#5335 73 | server=/github.com/127.0.0.1#5335 74 | server=/kknews.cc/127.0.0.1#5335 75 | server=/nutaq.com/127.0.0.1#5335 76 | server=/openairinterface.org/127.0.0.1#5335 77 | server=/skype.com/127.0.0.1#5335 78 | server=/sublimetext.com/127.0.0.1#5335 79 | server=/textnow.com/127.0.0.1#5335 80 | server=/textnow.me/127.0.0.1#5335 81 | server=/trouter.io/127.0.0.1#5335 82 | server=/t66y.com/127.0.0.1#5335 83 | server=/uploaded.net/127.0.0.1#5335 84 | server=/whatsapp.com/127.0.0.1#5335 85 | server=/whatsapp.net/127.0.0.1#5335 86 | server=/wsj.net/127.0.0.1#5335 87 | server=/google.com/127.0.0.1#5335 88 | server=/google.com.hk/127.0.0.1#5335 89 | server=/gstatic.com/127.0.0.1#5335 90 | server=/googleusercontent.com/127.0.0.1#5335 91 | server=/googlepages.com/127.0.0.1#5335 92 | server=/googlevideo.com/127.0.0.1#5335 93 | server=/googlecode.com/127.0.0.1#5335 94 | server=/googleapis.com/127.0.0.1#5335 95 | server=/googlesource.com/127.0.0.1#5335 96 | server=/googledrive.com/127.0.0.1#5335 97 | server=/ggpht.com/127.0.0.1#5335 98 | server=/youtube.com/127.0.0.1#5335 99 | server=/youtu.be/127.0.0.1#5335 100 | server=/ytimg.com/127.0.0.1#5335 101 | server=/twitter.com/127.0.0.1#5335 102 | server=/facebook.com/127.0.0.1#5335 103 | server=/fastly.net/127.0.0.1#5335 104 | server=/akamai.net/127.0.0.1#5335 105 | server=/akamaiedge.net/127.0.0.1#5335 106 | server=/akamaihd.net/127.0.0.1#5335 107 | server=/edgesuite.net/127.0.0.1#5335 108 | server=/edgekey.net/127.0.0.1#5335 109 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/ssrplus/mosdns-config.yaml: -------------------------------------------------------------------------------- 1 | log: 2 | level: info 3 | plugins: 4 | - tag: lazy_cache 5 | type: cache 6 | args: 7 | size: 8000 8 | lazy_cache_ttl: 86400 9 | 10 | - tag: forward_google 11 | type: forward 12 | args: 13 | concurrent: 2 14 | upstreams: 15 | 16 | - tag: main_sequence_disable_IPv6 17 | type: sequence 18 | args: 19 | - exec: $lazy_cache 20 | - exec: prefer_ipv4 21 | - exec: $forward_google 22 | - matches: 23 | - qtype 28 65 24 | exec: reject 0 25 | 26 | - tag: main_sequence_with_IPv6 27 | type: sequence 28 | args: 29 | - exec: $lazy_cache 30 | - exec: $forward_google 31 | 32 | - tag: udp_server 33 | type: udp_server 34 | args: 35 | entry: DNS_MODE 36 | listen: 0.0.0.0:DNS_PORT 37 | 38 | - tag: tcp_server 39 | type: tcp_server 40 | args: 41 | entry: DNS_MODE 42 | listen: 0.0.0.0:DNS_PORT 43 | 44 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/ssrplus/netflix.list: -------------------------------------------------------------------------------- 1 | amazonaws.com 2 | aws.amazon.com 3 | awsstatic.com 4 | fast.com 5 | netflix.com 6 | netflix.net 7 | nflxext.com 8 | nflximg.net 9 | nflxso.net 10 | nflxvideo.net 11 | netflixdnstest0.com 12 | netflixdnstest1.com 13 | netflixdnstest2.com 14 | netflixdnstest3.com 15 | netflixdnstest4.com 16 | netflixdnstest5.com 17 | netflixdnstest6.com 18 | netflixdnstest7.com 19 | netflixdnstest8.com 20 | netflixdnstest9.com 21 | hulu.com 22 | huluim.com 23 | hbonow.com 24 | hbogo.com 25 | hbo.com 26 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/ssrplus/netflixip.list: -------------------------------------------------------------------------------- 1 | 8.41.4.0/24 2 | 23.23.189.144/28 3 | 23.246.0.0/18 4 | 34.195.253.0/25 5 | 34.210.42.111/32 6 | 37.77.184.0/21 7 | 38.72.126.0/24 8 | 45.57.0.0/17 9 | 52.24.178.0/24 10 | 52.35.140.0/24 11 | 52.89.124.203/32 12 | 54.148.37.5/32 13 | 54.204.25.0/28 14 | 54.213.167.0/24 15 | 64.120.128.0/17 16 | 66.197.128.0/17 17 | 69.53.224.0/19 18 | 103.87.204.0/22 19 | 108.175.32.0/20 20 | 185.2.220.0/22 21 | 185.9.188.0/22 22 | 192.173.64.0/18 23 | 198.38.96.0/19 24 | 198.45.48.0/20 25 | 203.75.84.0/24 26 | 203.198.13.0/24 27 | 203.198.80.0/24 28 | 207.45.72.0/22 29 | 208.75.76.0/22 30 | 210.0.153.0/24 31 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/ssrplus/white.list: -------------------------------------------------------------------------------- 1 | bilibili.com 2 | bilibili.cn 3 | bilivideo.com 4 | bilivideo.cn 5 | biliapi.com 6 | biliapi.net 7 | apple.com -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/etc/uci-defaults/luci-ssr-plus: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | uci -q batch <<-EOF >/dev/null 4 | [ -e "/etc/config/ucitrack" ] && { 5 | delete ucitrack.@shadowsocksr[-1] 6 | add ucitrack shadowsocksr 7 | set ucitrack.@shadowsocksr[-1].init=shadowsocksr 8 | commit ucitrack 9 | } 10 | 11 | delete firewall.shadowsocksr 12 | set firewall.shadowsocksr=include 13 | set firewall.shadowsocksr.type=script 14 | set firewall.shadowsocksr.path=/var/etc/shadowsocksr.include 15 | set firewall.shadowsocksr.reload=1 16 | commit firewall 17 | EOF 18 | 19 | rm -rf /etc/config/shadowsocksr-opkg /etc/ssrplus/*opkg 20 | touch /etc/ssrplus/china_ssr.txt 21 | touch /etc/ssrplus/deny.list 22 | touch /etc/ssrplus/white.list 23 | touch /etc/ssrplus/black.list 24 | touch /etc/ssrplus/netflix.list 25 | touch /etc/ssrplus/netflixip.list 26 | touch /etc/ssrplus/gfw_base.conf 27 | touch /etc/ssrplus/gfw_list.conf 28 | touch /etc/ssrplus/oversea_list.conf 29 | touch /etc/ssrplus/ad.conf 30 | touch /etc/config/shadowsocksr 31 | 32 | if [ -s "/etc/config/shadowsocksr" ]; then 33 | if uci -q get shadowsocksr.@server_subscribe[0].auto_update_time > /dev/null; then 34 | uci -q delete shadowsocksr.@server_subscribe[0].auto_update_time 35 | fi 36 | 37 | if ! uci -q get shadowsocksr.@server_subscribe[0].auto_update_week_time > /dev/null; then 38 | uci -q set shadowsocksr.@server_subscribe[0].auto_update_week_time='*' 39 | uci -q set shadowsocksr.@server_subscribe[0].auto_update_day_time='2' 40 | uci -q set shadowsocksr.@server_subscribe[0].auto_update_min_time='0' 41 | fi 42 | 43 | if ! uci -q get shadowsocksr.@server_subscribe[0].user_agent > /dev/null; then 44 | uci -q set shadowsocksr.@server_subscribe[0].user_agent='v2rayN/9.99' 45 | fi 46 | 47 | if ! uci -q get shadowsocksr.@global_xray_fragment[0] > /dev/null; then 48 | uci -q add shadowsocksr global_xray_fragment 49 | uci -q set shadowsocksr.@global_xray_fragment[0].fragment='0' 50 | uci -q set shadowsocksr.@global_xray_fragment[0].noise='0' 51 | fi 52 | 53 | uci -q commit shadowsocksr 54 | fi 55 | 56 | [ -s "/etc/config/shadowsocksr" ] || /etc/init.d/shadowsocksr reset 57 | 58 | sed -i "s/option type 'vmess'/option type 'v2ray'\n\toption v2ray_protocol 'vmess'/g" /etc/config/shadowsocksr 59 | sed -i "s/option type 'vless'/option type 'v2ray'\n\toption v2ray_protocol 'vless'/g" /etc/config/shadowsocksr 60 | sed -i "s/option encrypt_method_v2ray_ss/option encrypt_method_ss/g" /etc/config/shadowsocksr 61 | sed -i "s/option xtls/option tls/g" /etc/config/shadowsocksr 62 | sed -i "/option vless_flow/d" /etc/config/shadowsocksr 63 | sed -i "/option fingerprint 'disable'/d" /etc/config/shadowsocksr 64 | 65 | if [ -s "/etc/uwsgi/vassals/luci-webui.ini" ];then 66 | limit=$(cat /etc/uwsgi/vassals/luci-webui.ini | grep -Eo "limit-as.*"|grep -Eo "[0-9]+") 67 | [ $limit -lt 5000 ] && sed -i '/limit-as/c\limit-as = 5000' /etc/uwsgi/vassals/luci-webui.ini && \ 68 | /etc/init.d/uwsgi restart 69 | fi 70 | 71 | rm -rf /tmp/luci-modulecache /tmp/luci-indexcache 72 | exit 0 73 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/usr/bin/ssr-switch: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | # 3 | # Copyright (C) 2017 openwrt-ssr 4 | # Copyright (C) 2017 yushi studio 5 | # 6 | # This is free software, licensed under the GNU General Public License v3. 7 | # See /LICENSE for more information. 8 | # 9 | 10 | . $IPKG_INSTROOT/etc/init.d/shadowsocksr 11 | LOCK_FILE="/var/lock/ssr-switch.lock" 12 | [ -f "$LOCK_FILE" ] && exit 2 13 | touch "$LOCK_FILE" 14 | LOG_FILE=/var/log/ssrplus.log 15 | 16 | cycle_time=60 17 | switch_time=3 18 | normal_flag=0 19 | server_locate=0 20 | server_count=0 21 | ENABLE_SERVER=nil 22 | [ -n "$1" ] && cycle_time=$1 23 | [ -n "$2" ] && switch_time=$2 24 | DEFAULT_SERVER=$(uci_get_by_type global global_server) 25 | CURRENT_SERVER=$DEFAULT_SERVER 26 | 27 | #判断代理是否正常 28 | check_proxy() { 29 | local result=0 30 | local try_count=$(uci_get_by_type global switch_try_count 3) 31 | for i in $(seq 1 $try_count); do 32 | /usr/bin/ssr-check www.google.com 80 $switch_time 1 33 | if [ "$?" == "0" ]; then 34 | # echolog "Check Google Proxy Success, count=$i" 35 | result=0 36 | break 37 | else 38 | # echolog "Check Google Proxy Fail, count=$i" 39 | /usr/bin/ssr-check www.baidu.com 80 $switch_time 1 40 | if [ "$?" == "0" ]; then 41 | result=1 42 | else 43 | result=2 44 | fi 45 | fi 46 | sleep 1 47 | done 48 | return $result 49 | } 50 | 51 | test_proxy() { 52 | local servername=$(uci_get_by_name $1 server) 53 | local serverport=$(uci_get_by_name $1 server_port) 54 | ipset add whitelist $servername 2>/dev/null 55 | tcping -q -c 3 -i 1 -t 2 -p $serverport $servername 56 | if [ "$?" -gt "0" ]; then 57 | ipset del whitelist $servername 2>/dev/null 58 | return 1 59 | fi 60 | /usr/bin/ssr-check $servername $serverport $switch_time 61 | local ret=$? 62 | ipset del whitelist $servername 2>/dev/null 63 | if [ "$ret" == "0" ]; then 64 | return 0 65 | else 66 | return 1 67 | fi 68 | } 69 | 70 | search_proxy() { 71 | let server_count=server_count+1 72 | [ "$normal_flag" == "1" -a "$server_count" -le "$server_locate" ] && return 0 73 | [ "$(uci_get_by_name $1 switch_enable 0)" != "1" ] && return 1 74 | [ $ENABLE_SERVER != nil ] && return 0 75 | [ "$1" == "$CURRENT_SERVER" ] && return 0 76 | local servername=$(uci_get_by_name $1 server) 77 | local serverport=$(uci_get_by_name $1 server_port) 78 | ipset add whitelist $servername 2>/dev/null 79 | /usr/bin/ssr-check $servername $serverport $switch_time 80 | local ret=$? 81 | ipset del whitelist $servername 2>/dev/null 82 | if [ "$ret" == "0" ]; then 83 | server_locate=$server_count 84 | ENABLE_SERVER=$1 85 | return 0 86 | else 87 | return 1 88 | fi 89 | } 90 | 91 | #选择可用的代理 92 | select_proxy() { 93 | config_load $NAME 94 | ENABLE_SERVER=nil 95 | mkdir -p /var/run /var/etc 96 | server_count=0 97 | config_foreach search_proxy servers 98 | } 99 | 100 | #切换代理 101 | switch_proxy() { 102 | /etc/init.d/shadowsocksr restart $1 103 | return 0 104 | } 105 | 106 | start() { 107 | #不支持kcptun启用时的切换 108 | [ $(uci_get_by_name $DEFAULT_SERVER kcp_enable) = "1" ] && return 1 109 | while [ "1" == "1" ]; do #死循环 110 | sleep 0000$cycle_time 111 | LOGTIME=$(date "+%Y-%m-%d %H:%M:%S") 112 | #判断当前代理是否为缺省服务器 113 | if [ "$CURRENT_SERVER" != "$DEFAULT_SERVER" ]; then 114 | #echo "not default proxy" 115 | echolog "Current server is not default Main server, try to switch back." 116 | #检查缺省服务器是否正常 117 | if test_proxy $DEFAULT_SERVER; then 118 | #echo "switch to default proxy" 119 | echolog "Main server is avilable." 120 | #缺省服务器正常,切换回来 121 | CURRENT_SERVER=$DEFAULT_SERVER 122 | switch_proxy $CURRENT_SERVER 123 | echolog "switch to default "$(uci_get_by_name $CURRENT_SERVER alias)" proxy!" 124 | else 125 | echolog "Main server is NOT avilable.Continue using current server." 126 | fi 127 | fi 128 | #判断当前代理是否正常 129 | #echolog "Start checking if the current server is available." 130 | check_proxy 131 | current_ret=$? 132 | if [ "$current_ret" == "1" ]; then 133 | #当前代理错误,判断有无可用的服务器 134 | #echo "current error" 135 | echolog "Current server error, try to switch another server." 136 | select_proxy 137 | if [ "$ENABLE_SERVER" != nil ]; then 138 | #有其他服务器可用,进行切换 139 | #echo $(uci_get_by_name $new_proxy server) 140 | echolog "Another server is avilable, now switching server." 141 | CURRENT_SERVER=$ENABLE_SERVER 142 | switch_proxy $CURRENT_SERVER 143 | normal_flag=1 144 | echolog "Switch to "$(uci_get_by_name $CURRENT_SERVER alias)" proxy!" 145 | else 146 | switch_proxy $CURRENT_SERVER 147 | normal_flag=1 148 | echolog "Try restart current server." 149 | fi 150 | else 151 | normal_flag=0 152 | # echolog "ShadowsocksR No Problem." 153 | fi 154 | done 155 | } 156 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/usr/share/rpcd/acl.d/luci-app-ssr-plus.json: -------------------------------------------------------------------------------- 1 | { 2 | "luci-app-ssr-plus": { 3 | "description": "Grant UCI access for luci-app-ssr-plus", 4 | "read": { 5 | "file": { 6 | "/etc/ssrplus/*": [ "read" ] 7 | }, 8 | "uci": ["shadowsocksr"] 9 | }, 10 | "write": { 11 | "file": { 12 | "/etc/ssrplus/*": [ "write" ] 13 | }, 14 | "uci": ["shadowsocksr"] 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/usr/share/shadowsocksr/chinaipset.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | [ -f "$1" ] && china_ip=$1 3 | ipset -! flush china 2>/dev/null 4 | ipset -! -R <<-EOF || exit 1 5 | create china hash:net 6 | $(cat ${china_ip:=/etc/ssrplus/china_ssr.txt} | sed -e "s/^/add china /") 7 | EOF 8 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/usr/share/shadowsocksr/genred2config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | argv1=$1 3 | argv2=$2 4 | argv3=$3 5 | argv4=$4 6 | argv5=$5 7 | argv6=$6 8 | argv7=$7 9 | argv8=$8 10 | argv9=$9 11 | cat <<-EOF >$argv1 12 | base { 13 | log_debug = off; 14 | log_info = off; 15 | log = stderr; 16 | daemon = on; 17 | redirector = iptables; 18 | reuseport = on; 19 | } 20 | EOF 21 | tcp() { 22 | if [ "$argv7" == "0" ]; then 23 | cat <<-EOF >>$argv1 24 | redsocks { 25 | bind = "0.0.0.0:$argv4"; 26 | relay = "$argv5:$argv6"; 27 | type = socks5; 28 | autoproxy = 0; 29 | timeout = 10; 30 | } 31 | EOF 32 | else 33 | cat <<-EOF >>$argv1 34 | redsocks { 35 | bind = "0.0.0.0:$argv4"; 36 | relay = "$argv5:$argv6"; 37 | type = socks5; 38 | autoproxy = 0; 39 | timeout = 10; 40 | login = "$argv8"; 41 | password = "$argv9"; 42 | } 43 | EOF 44 | fi 45 | } 46 | udp() { 47 | if [ "$argv7" == "0" ]; then 48 | cat <<-EOF >>$argv1 49 | redudp { 50 | bind = "0.0.0.0:$argv4"; 51 | relay = "$argv5:$argv6"; 52 | type = socks5; 53 | udp_timeout = 10; 54 | } 55 | EOF 56 | else 57 | cat <<-EOF >>$argv1 58 | redudp { 59 | bind = "0.0.0.0:$argv4"; 60 | relay = "$argv5:$argv6"; 61 | type = socks5; 62 | udp_timeout = 10; 63 | login = "$argv8"; 64 | password = "$argv9"; 65 | } 66 | EOF 67 | fi 68 | } 69 | case "$argv2" in 70 | socks5) 71 | case "$argv3" in 72 | tcp) 73 | tcp 74 | ;; 75 | udp) 76 | udp 77 | ;; 78 | *) 79 | tcp 80 | udp 81 | ;; 82 | esac 83 | ;; 84 | *) 85 | cat <<-EOF >>$argv1 86 | redsocks { 87 | bind = "0.0.0.0:$argv4"; 88 | type = direct; 89 | interface = $argv3; 90 | autoproxy = 0; 91 | timeout = 10; 92 | } 93 | EOF 94 | ;; 95 | esac 96 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/usr/share/shadowsocksr/gfw2ipset.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | . $IPKG_INSTROOT/etc/init.d/shadowsocksr 4 | 5 | netflix() { 6 | if [ -f "$TMP_DNSMASQ_PATH/gfw_list.conf" ]; then 7 | for line in $(cat /etc/ssrplus/netflix.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_list.conf; done 8 | for line in $(cat /etc/ssrplus/netflix.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_base.conf; done 9 | fi 10 | cat /etc/ssrplus/netflix.list | sed '/^$/d' | sed '/#/d' | sed "/.*/s/.*/server=\/&\/127.0.0.1#$1\nipset=\/&\/netflix/" >$TMP_DNSMASQ_PATH/netflix_forward.conf 11 | } 12 | mkdir -p $TMP_DNSMASQ_PATH 13 | if [ "$(uci_get_by_type global run_mode router)" == "oversea" ]; then 14 | cp -rf /etc/ssrplus/oversea_list.conf $TMP_DNSMASQ_PATH/ 15 | else 16 | cp -rf /etc/ssrplus/gfw_list.conf $TMP_DNSMASQ_PATH/ 17 | cp -rf /etc/ssrplus/gfw_base.conf $TMP_DNSMASQ_PATH/ 18 | fi 19 | if [ "$(uci_get_by_type global netflix_enable 0)" == "1" ]; then 20 | # 只有开启 NetFlix分流 才需要取值 21 | SHUNT_SERVER=$(uci_get_by_type global netflix_server nil) 22 | else 23 | # 没有开启 设置为 nil 24 | SHUNT_SERVER=nil 25 | fi 26 | case "$SHUNT_SERVER" in 27 | nil) 28 | rm -f $TMP_DNSMASQ_PATH/netflix_forward.conf 29 | ;; 30 | $(uci_get_by_type global global_server nil) | $switch_server | same) 31 | netflix $dns_port 32 | ;; 33 | *) 34 | netflix $tmp_shunt_dns_port 35 | ;; 36 | esac 37 | # 此处使用while方式读取 防止 /etc/ssrplus/ 目录下的 black.list white.list deny.list 等2个或多个文件一行中存在空格 比如:# abc.com 而丢失:server 38 | while read line; do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_list.conf; done < /etc/ssrplus/black.list 39 | while read line; do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_base.conf; done < /etc/ssrplus/black.list 40 | while read line; do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_list.conf; done < /etc/ssrplus/white.list 41 | while read line; do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_base.conf; done < /etc/ssrplus/white.list 42 | while read line; do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_list.conf; done < /etc/ssrplus/deny.list 43 | while read line; do sed -i "/$line/d" $TMP_DNSMASQ_PATH/gfw_base.conf; done < /etc/ssrplus/deny.list 44 | # 此处直接使用 cat 因为有 sed '/#/d' 删除了 数据 45 | cat /etc/ssrplus/black.list | sed '/^$/d' | sed '/#/d' | sed "/.*/s/.*/server=\/&\/127.0.0.1#$dns_port\nipset=\/&\/blacklist/" >$TMP_DNSMASQ_PATH/blacklist_forward.conf 46 | cat /etc/ssrplus/white.list | sed '/^$/d' | sed '/#/d' | sed "/.*/s/.*/server=\/&\/127.0.0.1\nipset=\/&\/whitelist/" >$TMP_DNSMASQ_PATH/whitelist_forward.conf 47 | cat /etc/ssrplus/deny.list | sed '/^$/d' | sed '/#/d' | sed "/.*/s/.*/address=\/&\//" >$TMP_DNSMASQ_PATH/denylist.conf 48 | if [ "$(uci_get_by_type global adblock 0)" == "1" ]; then 49 | cp -f /etc/ssrplus/ad.conf $TMP_DNSMASQ_PATH/ 50 | if [ -f "$TMP_DNSMASQ_PATH/ad.conf" ]; then 51 | for line in $(cat /etc/ssrplus/black.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/ad.conf; done 52 | for line in $(cat /etc/ssrplus/white.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/ad.conf; done 53 | for line in $(cat /etc/ssrplus/deny.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/ad.conf; done 54 | for line in $(cat /etc/ssrplus/netflix.list); do sed -i "/$line/d" $TMP_DNSMASQ_PATH/ad.conf; done 55 | fi 56 | else 57 | rm -f $TMP_DNSMASQ_PATH/ad.conf 58 | fi 59 | 60 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/usr/share/shadowsocksr/shadowsocksr.config: -------------------------------------------------------------------------------- 1 | 2 | config global 3 | option global_server 'nil' 4 | option netflix_server 'nil' 5 | option netflix_proxy '0' 6 | option threads '0' 7 | option run_mode 'router' 8 | option dports '2' 9 | option custom_ports '80,443' 10 | option pdnsd_enable '1' 11 | option tunnel_forward '8.8.4.4:53' 12 | option monitor_enable '1' 13 | option enable_switch '1' 14 | option switch_time '667' 15 | option switch_timeout '5' 16 | option switch_try_count '3' 17 | option shunt_dns '1' 18 | option gfwlist_url 'https://fastly.jsdelivr.net/gh/YW5vbnltb3Vz/domain-list-community@release/gfwlist.txt' 19 | option chnroute_url 'https://ispip.clang.cn/all_cn.txt' 20 | option nfip_url 'https://fastly.jsdelivr.net/gh/QiuSimons/Netflix_IP/NF_only.txt' 21 | option adblock_url 'https://anti-ad.net/anti-ad-for-dnsmasq.conf' 22 | 23 | config server_subscribe 24 | option proxy '0' 25 | option auto_update '1' 26 | option auto_update_week_time '*' 27 | option auto_update_day_time '2' 28 | option auto_update_min_time '0' 29 | option user_agent 'v2rayN/9.99' 30 | option filter_words '过期时间/剩余流量/QQ群/官网/防失联地址/回国' 31 | 32 | config access_control 33 | option lan_ac_mode '0' 34 | option router_proxy '1' 35 | list wan_fw_ips '149.154.160.0/20' 36 | list wan_fw_ips '67.198.55.0/24' 37 | list wan_fw_ips '91.108.4.0/22' 38 | list wan_fw_ips '91.108.56.0/22' 39 | list wan_fw_ips '109.239.140.0/24' 40 | list wan_fw_ips '8.8.8.8' 41 | list wan_fw_ips '1.1.1.1' 42 | list Interface 'lan' 43 | 44 | config socks5_proxy 45 | option server 'nil' 46 | option local_port '1080' 47 | 48 | config server_global 49 | option enable_server '0' 50 | 51 | config global_xray_fragment 52 | option fragment '0' 53 | option noise '0' 54 | 55 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/usr/share/shadowsocksr/ssrplusupdate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | /usr/bin/lua /usr/share/shadowsocksr/update.lua 3 | sleep 2s 4 | /usr/share/shadowsocksr/chinaipset.sh /var/etc/ssrplus/china_ssr.txt 5 | sleep 2s 6 | /usr/bin/lua /usr/share/shadowsocksr/subscribe.lua 7 | -------------------------------------------------------------------------------- /luci-app-ssr-plus/root/usr/share/ucitrack/luci-app-ssr-plus.json: -------------------------------------------------------------------------------- 1 | { 2 | "config": "shadowsocksr", 3 | "init": "shadowsocksr" 4 | } 5 | -------------------------------------------------------------------------------- /microsocks/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=microsocks 8 | PKG_VERSION:=1.0.5 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/rofl0r/microsocks/tar.gz/v$(PKG_VERSION)? 13 | PKG_HASH:=939d1851a18a4c03f3cc5c92ff7a50eaf045da7814764b4cb9e26921db15abc8 14 | 15 | PKG_LICENSE:=MIT 16 | PKG_LICENSE_FILES:=COPYING 17 | PKG_MAINTAINER:=lean 18 | 19 | PKG_BUILD_PARALLEL:=1 20 | PKG_INSTALL:=1 21 | 22 | include $(INCLUDE_DIR)/package.mk 23 | 24 | define Package/microsocks 25 | SECTION:=net 26 | CATEGORY:=Network 27 | SUBMENU:=Web Servers/Proxies 28 | TITLE:=Tiny, portable SOCKS5 server 29 | URL:=https://github.com/rofl0r/microsocks 30 | DEPENDS:=+libpthread 31 | endef 32 | 33 | define Package/microsocks/description 34 | A SOCKS5 service that you can run on your remote boxes to tunnel connections 35 | through them, if for some reason SSH doesn't cut it for you. 36 | endef 37 | 38 | define Package/microsocks/install 39 | $(INSTALL_DIR) $(1)/usr/bin 40 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/bin/microsocks $(1)/usr/bin/microsocks 41 | endef 42 | 43 | $(eval $(call BuildPackage,microsocks)) 44 | -------------------------------------------------------------------------------- /mosdns/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=mosdns 8 | PKG_VERSION:=5.3.3 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/IrineSistiana/mosdns/tar.gz/v$(PKG_VERSION)? 13 | PKG_HASH:=1d7eeaa735cb48ed2d436797d7f2a82541699f74647cd293ee411a72cdc65f5f 14 | 15 | PKG_LICENSE:=GPL-3.0 16 | PKG_LICENSE_FILE:=LICENSE 17 | PKG_MAINTAINER:=Tianling Shen 18 | 19 | PKG_BUILD_DEPENDS:=golang/host 20 | PKG_BUILD_PARALLEL:=1 21 | PKG_USE_MIPS16:=0 22 | PKG_BUILD_FLAGS:=no-mips16 23 | 24 | GO_PKG:=github.com/IrineSistiana/mosdns 25 | GO_PKG_LDFLAGS_X:=main.version=v$(PKG_VERSION) 26 | 27 | include $(INCLUDE_DIR)/package.mk 28 | include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk 29 | 30 | define Package/mosdns 31 | SECTION:=net 32 | CATEGORY:=Network 33 | SUBMENU:=IP Addresses and Names 34 | TITLE:=A plug-in DNS forwarder/splitter 35 | URL:=https://github.com/IrineSistiana/mosdns 36 | DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle 37 | endef 38 | 39 | define Package/mosdns/install 40 | $(call GoPackage/Package/Install/Bin,$(1)) 41 | endef 42 | 43 | $(eval $(call GoBinPackage,mosdns)) 44 | $(eval $(call BuildPackage,mosdns)) 45 | -------------------------------------------------------------------------------- /mosdns/patches/203-add-response-for-bad-request-in-ServeHTTP-handler.patch: -------------------------------------------------------------------------------- 1 | From 0b86b89629f32e7c8b859239aa1a4814f256053c Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Thu, 28 Sep 2023 16:42:54 +0800 4 | Subject: [PATCH 3/5] add response for bad request in ServeHTTP handler 5 | 6 | --- 7 | pkg/server/http_handler.go | 1 + 8 | 1 file changed, 1 insertion(+) 9 | 10 | --- a/pkg/server/http_handler.go 11 | +++ b/pkg/server/http_handler.go 12 | @@ -93,6 +93,7 @@ func (h *HttpHandler) ServeHTTP(w http.R 13 | if err != nil { 14 | h.warnErr(req, "invalid request", err) 15 | w.WriteHeader(http.StatusBadRequest) 16 | + w.Write([]byte("Bad Request")) 17 | return 18 | } 19 | 20 | -------------------------------------------------------------------------------- /mosdns/patches/204-black_hole-apply-Fisher-Yates-shuffle-algorithm-to-r.patch: -------------------------------------------------------------------------------- 1 | From e34dca717e78d24a84b98c2b5d371c4253b7e260 Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Wed, 20 Sep 2023 14:51:19 +0800 4 | Subject: [PATCH 4/5] black_hole: apply Fisher-Yates shuffle algorithm to 5 | randomize IP order 6 | 7 | --- 8 | plugin/executable/black_hole/black_hole.go | 15 +++++++++++++++ 9 | 1 file changed, 15 insertions(+) 10 | 11 | --- a/plugin/executable/black_hole/black_hole.go 12 | +++ b/plugin/executable/black_hole/black_hole.go 13 | @@ -27,6 +27,8 @@ import ( 14 | "github.com/miekg/dns" 15 | "net/netip" 16 | "strings" 17 | + "math/rand" 18 | + "sync" 19 | ) 20 | 21 | const PluginType = "black_hole" 22 | @@ -40,6 +42,7 @@ var _ sequence.Executable = (*BlackHole) 23 | type BlackHole struct { 24 | ipv4 []netip.Addr 25 | ipv6 []netip.Addr 26 | + shuffleMutex sync.Mutex 27 | } 28 | 29 | // QuickSetup format: [ipv4|ipv6] ... 30 | @@ -65,9 +68,21 @@ func NewBlackHole(ips []string) (*BlackH 31 | return b, nil 32 | } 33 | 34 | +func (b *BlackHole) shuffleIPs() { 35 | + b.shuffleMutex.Lock() 36 | + defer b.shuffleMutex.Unlock() 37 | + rand.Shuffle(len(b.ipv4), func(i, j int) { 38 | + b.ipv4[i], b.ipv4[j] = b.ipv4[j], b.ipv4[i] 39 | + }) 40 | + rand.Shuffle(len(b.ipv6), func(i, j int) { 41 | + b.ipv6[i], b.ipv6[j] = b.ipv6[j], b.ipv6[i] 42 | + }) 43 | +} 44 | + 45 | // Exec implements sequence.Executable. It set a response with given ips if 46 | // query has corresponding qtypes. 47 | func (b *BlackHole) Exec(_ context.Context, qCtx *query_context.Context) error { 48 | + b.shuffleIPs() 49 | if r := b.Response(qCtx.Q()); r != nil { 50 | qCtx.SetResponse(r) 51 | } 52 | -------------------------------------------------------------------------------- /mosdns/patches/205-format-logtime.patch: -------------------------------------------------------------------------------- 1 | From 2dc08749e2de8f19ef869e7f89c9979edbbc71ff Mon Sep 17 00:00:00 2001 2 | From: sbwml 3 | Date: Wed, 20 Sep 2023 21:05:18 +0800 4 | Subject: [PATCH 5/5] format logtime 5 | 6 | --- 7 | mlog/logger.go | 18 ++++++++++++++---- 8 | 1 file changed, 14 insertions(+), 4 deletions(-) 9 | 10 | --- a/mlog/logger.go 11 | +++ b/mlog/logger.go 12 | @@ -21,9 +21,11 @@ package mlog 13 | 14 | import ( 15 | "fmt" 16 | + "os" 17 | + "time" 18 | + 19 | "go.uber.org/zap" 20 | "go.uber.org/zap/zapcore" 21 | - "os" 22 | ) 23 | 24 | type LogConfig struct { 25 | @@ -64,10 +66,18 @@ func NewLogger(lc LogConfig) (*zap.Logge 26 | out = stderr 27 | } 28 | 29 | - if lc.Production { 30 | - return zap.New(zapcore.NewCore(zapcore.NewJSONEncoder(zap.NewProductionEncoderConfig()), out, lvl)), nil 31 | + encoderConfig := zap.NewDevelopmentEncoderConfig() 32 | + encoderConfig.EncodeTime = func(t time.Time, enc zapcore.PrimitiveArrayEncoder) { 33 | + enc.AppendString(t.Format("2006-01-02 15:04:05")) 34 | } 35 | - return zap.New(zapcore.NewCore(zapcore.NewConsoleEncoder(zap.NewDevelopmentEncoderConfig()), out, lvl)), nil 36 | + 37 | + core := zapcore.NewCore( 38 | + zapcore.NewConsoleEncoder(encoderConfig), 39 | + out, 40 | + lvl, 41 | + ) 42 | + 43 | + return zap.New(core), nil 44 | } 45 | 46 | // L is a global logger. 47 | -------------------------------------------------------------------------------- /naiveproxy/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=naiveproxy 8 | PKG_REAL_VERSION:=137.0.7151.44-1 9 | PKG_VERSION:=$(subst -,.,$(PKG_REAL_VERSION)) 10 | PKG_RELEASE:=1 11 | 12 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_REAL_VERSION).tar.gz 13 | PKG_SOURCE_URL:=https://codeload.github.com/klzgrad/naiveproxy/tar.gz/v$(PKG_REAL_VERSION)? 14 | PKG_HASH:=d4e47b2f27d07a0617e9a29fabb215afeb370c4e1d6772935bce8c5a923d3cc7 15 | PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_REAL_VERSION) 16 | 17 | PKG_LICENSE:=BSD 3-Clause 18 | PKG_LICENSE_FILES:=LICENSE 19 | PKG_MAINTAINER:=Tianling Shen 20 | 21 | PKG_BUILD_DEPENDS:=gn/host 22 | PKG_BUILD_PARALLEL:=1 23 | PKG_BUILD_FLAGS:=no-mips16 24 | 25 | ifneq ($(CONFIG_CPU_TYPE)," ") 26 | CPU_TYPE:=$(word 1, $(subst +," ,$(CONFIG_CPU_TYPE))) 27 | CPU_SUBTYPE:=$(word 2, $(subst +, ",$(CONFIG_CPU_TYPE))) 28 | ifeq ($(CPU_SUBTYPE),) 29 | CPU_SUBTYPE:="" 30 | endif 31 | else 32 | CPU_TYPE:="" 33 | CPU_SUBTYPE:="" 34 | endif 35 | 36 | include $(INCLUDE_DIR)/package.mk 37 | 38 | define Package/naiveproxy 39 | SECTION:=net 40 | CATEGORY:=Network 41 | SUBMENU:=Web Servers/Proxies 42 | TITLE:=Make a fortune quietly 43 | URL:=https://github.com/klzgrad/naiveproxy 44 | DEPENDS:=@!(arc||armeb||mips||mips64||powerpc||TARGET_gemini) +libatomic 45 | endef 46 | 47 | define Package/naiveproxy/description 48 | NaïveProxy uses Chrome's network stack to camouflage traffic with strong 49 | censorship resistance and low detectability. Reusing Chrome's stack also 50 | ensures best practices in performance and security. 51 | endef 52 | 53 | ifneq ($(CONFIG_CCACHE),) 54 | export CCACHE_SLOPPINESS=time_macros 55 | export CCACHE_BASEDIR=$(PKG_BUILD_DIR)/src 56 | export CCACHE_CPP2=yes 57 | export naive_ccache_flags=cc_wrapper="$(CCACHE)" 58 | endif 59 | 60 | CLANG_VER:=21-init-9266-g09006611-1 61 | CLANG_FILE:=clang-llvmorg-$(CLANG_VER).tar.xz 62 | define Download/CLANG 63 | URL:=https://commondatastorage.googleapis.com/chromium-browser-clang/Linux_x64 64 | URL_FILE:=$(CLANG_FILE) 65 | FILE:=$(CLANG_FILE) 66 | HASH:=2cccd3a5b04461f17a2e78d2f8bd18b448443a9dd4d6dfac50e8e84b4d5176f1 67 | endef 68 | 69 | PGO_VER:=7151-1747761124-14800e8fd840fdd5e6e7a1c94b0284dc938d3248-10300d30b42f54f99134f8d73404faf2aa5c0775 70 | PGO_FILE:=chrome-linux-$(PGO_VER).profdata 71 | define Download/PGO_PROF 72 | URL:=https://storage.googleapis.com/chromium-optimization-profiles/pgo_profiles 73 | URL_FILE:=$(PGO_FILE) 74 | FILE:=$(PGO_FILE) 75 | HASH:=944718d5ed561d3543df514243867867488b3590044327321d86ace1e3d206fa 76 | endef 77 | 78 | define Build/Prepare 79 | $(call Build/Prepare/Default) 80 | 81 | ( \ 82 | pushd $(PKG_BUILD_DIR)/src ; \ 83 | mkdir -p "chrome/build/pgo_profiles" ; \ 84 | $(CP) "$(DL_DIR)/$(PGO_FILE)" "chrome/build/pgo_profiles" ; \ 85 | mkdir -p "third_party/llvm-build/Release+Asserts" ; \ 86 | $(TAR) -xJf "$(DL_DIR)/$(CLANG_FILE)" -C "third_party/llvm-build/Release+Asserts" ; \ 87 | echo -e "llvmorg-$(CLANG_VER)" > "third_party/llvm-build/Release+Asserts/cr_build_revision" ; \ 88 | popd ; \ 89 | ) 90 | endef 91 | 92 | define Build/Configure 93 | ( \ 94 | pushd "$(PKG_BUILD_DIR)/src" ; \ 95 | . ../init_env.sh "$(ARCH)" $(CPU_TYPE) $(CPU_SUBTYPE) "$(TOOLCHAIN_DIR)" ; \ 96 | export naive_flags+=" $$$${naive_ccache_flags}" ; \ 97 | mkdir -p "out" ; \ 98 | gn gen "out/Release" --args="$$$${naive_flags}" --script-executable="$(PYTHON)" ; \ 99 | popd ; \ 100 | ) 101 | endef 102 | 103 | define Build/Compile 104 | +$(NINJA) -C "$(PKG_BUILD_DIR)/src/out/Release" naive 105 | endef 106 | 107 | define Package/naiveproxy/install 108 | $(INSTALL_DIR) $(1)/usr/bin 109 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/out/Release/naive $(1)/usr/bin/naive 110 | endef 111 | 112 | $(eval $(call Download,CLANG)) 113 | $(eval $(call Download,PGO_PROF)) 114 | 115 | $(eval $(call BuildPackage,naiveproxy)) 116 | -------------------------------------------------------------------------------- /naiveproxy/src/init_env.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-License-Identifier: GPL-3.0-only 3 | # 4 | # Copyright (C) 2021 ImmortalWrt.org 5 | # -------------------------------------------------------- 6 | # Init build dependencies for naiveproxy 7 | 8 | # Read args from shell 9 | target_arch="$1" 10 | cpu_type="$2" 11 | cpu_subtype="$3" 12 | toolchain_dir="$4" 13 | 14 | # Set arch info 15 | case "${target_arch}" in 16 | "aarch64") 17 | naive_arch="arm64" 18 | ;; 19 | "i386") 20 | naive_arch="x86" 21 | ;; 22 | "x86_64") 23 | naive_arch="x64" 24 | ;; 25 | *) 26 | naive_arch="${target_arch}" 27 | ;; 28 | esac 29 | 30 | # OS detection 31 | [ "$(uname)" != "Linux" -o "$(uname -m)" != "x86_64" ] && { echo -e "Support Linux AMD64 only."; exit 1; } 32 | 33 | # Create TMP dir 34 | mkdir -p "$PWD/tmp" 35 | export TMPDIR="$PWD/tmp" 36 | 37 | # Set ENV 38 | export DEPOT_TOOLS_WIN_TOOLCHAIN=0 39 | export naive_flags=" 40 | is_official_build=true 41 | exclude_unwind_tables=true 42 | enable_resource_allowlist_generation=false 43 | symbol_level=0 44 | 45 | is_clang=true 46 | use_sysroot=false 47 | 48 | fatal_linker_warnings=false 49 | treat_warnings_as_errors=false 50 | 51 | is_cronet_build=true 52 | chrome_pgo_phase=2 53 | 54 | enable_base_tracing=false 55 | use_udev=false 56 | use_aura=false 57 | use_ozone=false 58 | use_gio=false 59 | use_platform_icu_alternatives=true 60 | use_glib=false 61 | 62 | disable_file_support=true 63 | enable_websockets=false 64 | use_kerberos=false 65 | disable_file_support=true 66 | disable_zstd_filter=false 67 | enable_mdns=false 68 | enable_reporting=false 69 | include_transport_security_state_preload_list=false 70 | enable_device_bound_sessions=false 71 | enable_bracketed_proxy_uris=true 72 | enable_quic_proxy_support=true 73 | 74 | use_nss_certs=false 75 | 76 | enable_backup_ref_ptr_support=false 77 | enable_dangling_raw_ptr_checks=false 78 | enable_shadow_metadata=false 79 | 80 | target_os=\"openwrt\" 81 | target_cpu=\"${naive_arch}\" 82 | target_sysroot=\"${toolchain_dir}\"" 83 | 84 | case "${target_arch}" in 85 | "arm") 86 | naive_flags+=" arm_version=0 arm_cpu=\"${cpu_type}\"" 87 | case "${cpu_type}" in "arm1176jzf-s"|"arm926ej-s"|"mpcore"|"xscale") naive_flags+=" arm_use_thumb=false" ;; esac 88 | if [ -n "${cpu_subtype}" ]; then 89 | if grep -q "neon" <<< "${cpu_subtype}"; then 90 | neon_flag="arm_use_neon=true" 91 | else 92 | neon_flag="arm_use_neon=false" 93 | fi 94 | naive_flags+=" arm_fpu=\"${cpu_subtype}\" arm_float_abi=\"hard\" ${neon_flag}" 95 | else 96 | naive_flags+=" arm_float_abi=\"soft\" arm_use_neon=false" 97 | fi 98 | 99 | # LLVM does not accept muslgnueabi as the target triple environment 100 | if [ -d "$toolchain_dir/lib/gcc/arm-openwrt-linux-muslgnueabi" ] && [ ! -d "$toolchain_dir/lib/gcc/arm-openwrt-linux-musleabi" ]; then 101 | ln -sf "$toolchain_dir/lib/gcc/arm-openwrt-linux-muslgnueabi" "$toolchain_dir/lib/gcc/arm-openwrt-linux-musleabi" 102 | fi 103 | ;; 104 | "arm64") 105 | [ -n "${cpu_type}" ] && naive_flags+=" arm_cpu=\"${cpu_type}\"" 106 | ;; 107 | "mipsel"|"mips64el") 108 | naive_flags+=" use_thin_lto=false chrome_pgo_phase=0" 109 | if [ -z "${cpu_type}" ] || [ "${cpu_type}" == "mips32" ]; then 110 | naive_flags+=" mips_arch_variant=\"r1\"" 111 | else 112 | naive_flags+=" mips_arch_variant=\"r2\"" 113 | fi 114 | if [ "${target_arch}" == "mipsel" ]; then 115 | if [ "${cpu_subtype}" == "24kf" ]; then 116 | naive_flags+=" mips_float_abi=\"hard\"" 117 | else 118 | naive_flags+=" mips_float_abi=\"soft\"" 119 | fi 120 | fi 121 | ;; 122 | "x86_64") 123 | naive_flags+=" use_cfi_icall=false" 124 | ;; 125 | esac 126 | -------------------------------------------------------------------------------- /redsocks2/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=redsocks2 8 | PKG_VERSION:=0.71 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE_PROTO:=git 12 | PKG_SOURCE_URL:=https://github.com/semigodking/redsocks.git 13 | PKG_SOURCE_DATE:=2024-12-05 14 | PKG_SOURCE_VERSION:=5d2db3e15543854da30e88af40748dfe63af2c28 15 | PKG_MIRROR_HASH:=5c06c3646434c498fe22379cb2085269d1e384e1a2db2941ca844a0a5da1f0dc 16 | 17 | PKG_MAINTAINER:=semigodking 18 | PKG_LICENSE:=Apache-2.0 19 | PKG_LICENSE_FILES:=LICENSE 20 | 21 | PKG_BUILD_PARALLEL:=1 22 | 23 | include $(INCLUDE_DIR)/package.mk 24 | 25 | define Package/redsocks2 26 | SECTION:=net 27 | CATEGORY:=Network 28 | SUBMENU:=Web Servers/Proxies 29 | TITLE:=Redirect any TCP connection to a SOCKS or HTTPS proxy server 30 | URL:=https://github.com/semigodking/redsocks 31 | DEPENDS:=+libevent2 +libopenssl 32 | endef 33 | 34 | define Package/redsocks2/description 35 | This is a modified version of original redsocks. \ 36 | The name is changed to be REDSOCKS2 since this release to distinguish with original redsocks. \ 37 | This variant is useful for anti-GFW (Great Fire Wall). 38 | endef 39 | 40 | define Build/Compile 41 | $(call Build/Compile/Default,DISABLE_SHADOWSOCKS=true) 42 | endef 43 | 44 | define Package/redsocks2/install 45 | $(INSTALL_DIR) $(1)/usr/sbin 46 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/redsocks2 $(1)/usr/sbin 47 | endef 48 | 49 | $(eval $(call BuildPackage,redsocks2)) 50 | -------------------------------------------------------------------------------- /shadow-tls/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-2.0-only 2 | 3 | include $(TOPDIR)/rules.mk 4 | include $(INCLUDE_DIR)/package.mk 5 | 6 | PKG_NAME:=shadow-tls 7 | PKG_VERSION:=0.2.25 8 | PKG_RELEASE:=1 9 | 10 | PKG_LICENSE_FILES:=LICENSE 11 | PKG_MAINTAINER:=FluffyTigerFear 12 | RELEASE_HEAD:=$(PKG_NAME) 13 | RELEASE_FOOT:=unknown-linux-musl 14 | ifeq ($(ARCH),aarch64) 15 | RELEASE_ARCH:=$(RELEASE_HEAD)-aarch64-$(RELEASE_FOOT) 16 | PKG_HASH:=3295476b37f549a68906519d3eaecb74bf3b6eaf9094cebb16ee84f0151373c6 17 | else ifeq ($(ARCH),arm) 18 | ifeq ($(CONFIG_CPU_TYPE),cortex-a7) 19 | RELEASE_ARCH:=$(RELEASE_HEAD)-armv7-$(RELEASE_FOOT)eabihf 20 | PKG_HASH:=e6f918a072557c50fd0ea950af9a156a9b102af72c1d010ff85d08d13006c54f 21 | else ifeq ($(CONFIG_CPU_TYPE),cortex-a9) 22 | RELEASE_ARCH:=$(RELEASE_HEAD)-armv7-$(RELEASE_FOOT)eabihf 23 | PKG_HASH:=e6f918a072557c50fd0ea950af9a156a9b102af72c1d010ff85d08d13006c54f 24 | else 25 | RELEASE_ARCH:=$(RELEASE_HEAD)-arm-$(RELEASE_FOOT)eabi 26 | PKG_HASH:=b6743bc60e1727972ece0fd5acf3a931e5be05cedee6f637e7e3d8c5b8d58f16 27 | endif 28 | else ifeq ($(ARCH),x86_64) 29 | RELEASE_ARCH:=$(RELEASE_HEAD)-x86_64-$(RELEASE_FOOT) 30 | PKG_HASH:=a173f5f2d57f45211b68e10ceeddc15b1791077b914fa89747bc705fddc71532 31 | else 32 | PKG_SOURCE:=dummy 33 | PKG_HASH:=dummy 34 | endif 35 | 36 | define Download/shadow-tls 37 | URL:=https://github.com/ihciah/shadow-tls/releases/download/v$(PKG_VERSION) 38 | URL_FILE:=$(RELEASE_ARCH) 39 | FILE:=$(RELEASE_ARCH) 40 | HASH:=$(PKG_HASH) 41 | endef 42 | 43 | define Package/shadow-tls 44 | SECTION:=net 45 | CATEGORY:=Network 46 | SUBMENU:=Web Servers/Proxies 47 | TITLE:=A proxy to expose real tls handshake to the firewall. 48 | URL:=https://github.com/ihciah/shadow-tls 49 | DEPENDS:=@USE_MUSL @(aarch64||arm||x86_64) @!(TARGET_x86_geode||TARGET_x86_legacy) 50 | endef 51 | 52 | define Build/Prepare 53 | $(call Build/Prepare/Default) 54 | ifneq ($(CONFIG_PACKAGE_shadow-tls),) 55 | $(call Download,shadow-tls) 56 | endif 57 | endef 58 | 59 | define Build/Compile 60 | endef 61 | 62 | define Package/shadow-tls/install 63 | $(INSTALL_DIR) $(1)/usr/bin 64 | $(INSTALL_BIN) $(DL_DIR)/$(RELEASE_ARCH) $(1)/usr/bin/shadow-tls 65 | endef 66 | 67 | $(eval $(call BuildPackage,shadow-tls)) 68 | -------------------------------------------------------------------------------- /shadowsocks-libev/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2017-2020 Yousong Zhou 3 | # 4 | # This is free software, licensed under the GNU General Public License v2. 5 | # See /LICENSE for more information. 6 | # 7 | 8 | include $(TOPDIR)/rules.mk 9 | 10 | # Checklist when bumping versions 11 | # 12 | # - update cipher list by checking src/crypto.c:crypto_init() 13 | # - check if default mode has changed from being tcp_only 14 | # 15 | PKG_NAME:=shadowsocks-libev 16 | PKG_VERSION:=3.3.5 17 | PKG_RELEASE:=13 18 | 19 | PKG_SOURCE_PROTO:=git 20 | PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev.git 21 | PKG_SOURCE_DATE:=2025-1-20 22 | PKG_SOURCE_VERSION:=9afa3cacf947f910be46b69fc5a7a1fdd02fd5e6 23 | PKG_MIRROR_HASH:=575b21803b28db8ab59ecbdb2cf21c4282881507b3a4267cc24f55bad12819cb 24 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz 25 | 26 | PKG_MAINTAINER:=Yousong Zhou 27 | 28 | PKG_LICENSE:=GPL-3.0-or-later 29 | PKG_LICENSE_FILES:=LICENSE 30 | PKG_CPE_ID:=cpe:/a:shadowsocks:shadowsocks-libev 31 | 32 | PKG_FIXUP:=autoreconf 33 | PKG_INSTALL:=1 34 | PKG_BUILD_FLAGS:=no-mips16 lto 35 | PKG_BUILD_PARALLEL:=1 36 | PKG_BUILD_DEPENDS:=c-ares pcre2 37 | 38 | include $(INCLUDE_DIR)/package.mk 39 | 40 | 41 | define Package/shadowsocks-libev-config 42 | SECTION:=net 43 | CATEGORY:=Network 44 | SUBMENU:=Web Servers/Proxies 45 | TITLE:=shadowsocks-libev config scripts 46 | URL:=https://github.com/shadowsocks/shadowsocks-libev 47 | endef 48 | 49 | define Package/shadowsocks-libev-config/conffiles 50 | /etc/config/shadowsocks-libev 51 | endef 52 | 53 | define Package/shadowsocks-libev-config/install 54 | $(INSTALL_DIR) $(1)/etc/config 55 | $(INSTALL_DATA) ./files/shadowsocks-libev.config $(1)/etc/config/shadowsocks-libev 56 | $(INSTALL_DIR) $(1)/etc/init.d 57 | $(INSTALL_BIN) ./files/shadowsocks-libev.init $(1)/etc/init.d/shadowsocks-libev 58 | endef 59 | 60 | 61 | define Package/shadowsocks-libev/Default 62 | define Package/shadowsocks-libev-$(1) 63 | SECTION:=net 64 | CATEGORY:=Network 65 | SUBMENU:=Web Servers/Proxies 66 | TITLE:=shadowsocks-libev $(1) 67 | URL:=https://github.com/shadowsocks/shadowsocks-libev 68 | DEPENDS:=+libev +libmbedtls +libpthread +libsodium +shadowsocks-libev-config $(DEPENDS_$(1)) 69 | endef 70 | 71 | define Package/shadowsocks-libev-$(1)/install 72 | $$(INSTALL_DIR) $$(1)/usr/bin 73 | $$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/bin/$(1) $$(1)/usr/bin 74 | endef 75 | 76 | endef 77 | 78 | DEPENDS_ss-local = +libpcre2 79 | DEPENDS_ss-server = +libcares +libpcre2 80 | 81 | SHADOWSOCKS_COMPONENTS:=ss-local ss-redir ss-tunnel ss-server 82 | define shadowsocks-libev/templates 83 | $(foreach component,$(SHADOWSOCKS_COMPONENTS), 84 | $(call Package/shadowsocks-libev/Default,$(component)) 85 | ) 86 | endef 87 | $(eval $(call shadowsocks-libev/templates)) 88 | 89 | 90 | define Package/shadowsocks-libev-ss-rules 91 | SECTION:=net 92 | CATEGORY:=Network 93 | SUBMENU:=Web Servers/Proxies 94 | TITLE:=shadowsocks-libev ss-rules 95 | URL:=https://github.com/shadowsocks/shadowsocks-libev 96 | DEPENDS:=+firewall4 \ 97 | +ip \ 98 | +resolveip \ 99 | +ucode \ 100 | +ucode-mod-fs \ 101 | +shadowsocks-libev-ss-redir \ 102 | +shadowsocks-libev-config \ 103 | +kmod-nft-tproxy 104 | endef 105 | 106 | define Package/shadowsocks-libev-ss-rules/install 107 | $(INSTALL_DIR) $(1)/usr/share/ss-rules 108 | $(INSTALL_DATA) ./files/ss-rules/* $(1)/usr/share/ss-rules/ 109 | endef 110 | 111 | define Build/Prepare 112 | $(call Build/Prepare/Default) 113 | $(FIND) $(PKG_BUILD_DIR) \ 114 | -name '*.o' \ 115 | -o -name '*.lo' \ 116 | -o -name '.deps' \ 117 | -o -name '.libs' \ 118 | | $(XARGS) rm -rvf 119 | endef 120 | 121 | CONFIGURE_ARGS += \ 122 | --disable-documentation \ 123 | --disable-silent-rules \ 124 | --disable-assert \ 125 | --disable-ssp \ 126 | 127 | TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed 128 | 129 | $(eval $(call BuildPackage,shadowsocks-libev-config)) 130 | $(eval $(call BuildPackage,shadowsocks-libev-ss-rules)) 131 | $(foreach component,$(SHADOWSOCKS_COMPONENTS), \ 132 | $(eval $(call BuildPackage,shadowsocks-libev-$(component))) \ 133 | ) 134 | -------------------------------------------------------------------------------- /shadowsocks-libev/files/shadowsocks-libev.config: -------------------------------------------------------------------------------- 1 | config ss_local 2 | option disabled 1 3 | option server 'sss0' 4 | option local_address '0.0.0.0' 5 | option local_port '1080' 6 | option timeout '30' 7 | 8 | config ss_tunnel 9 | option disabled 1 10 | option server 'sss0' 11 | option local_address '0.0.0.0' 12 | option local_port '1090' 13 | option tunnel_address 'example.com:80' 14 | option mode 'tcp_and_udp' 15 | option timeout '60' 16 | 17 | config ss_redir hi 18 | option disabled 1 19 | option server 'sss0' 20 | option local_address '0.0.0.0' 21 | option local_port '1100' 22 | option mode 'tcp_and_udp' 23 | option timeout '60' 24 | option fast_open 1 25 | option verbose 1 26 | option reuse_port 1 27 | 28 | config ss_redir hj 29 | option disabled 1 30 | option server 'sss0' 31 | option local_address '0.0.0.0' 32 | option local_port '1100' 33 | option mode 'tcp_and_udp' 34 | option timeout '60' 35 | option fast_open 1 36 | option verbose 1 37 | option reuse_port 1 38 | 39 | config ss_rules 'ss_rules' 40 | option disabled 1 41 | option redir_tcp 'hi' 42 | option redir_udp 'hi' 43 | option src_default 'checkdst' 44 | option dst_default 'bypass' 45 | option local_default 'checkdst' 46 | list src_ips_forward '192.168.1.4' 47 | list dst_ips_forward '8.8.8.8' 48 | 49 | config server 'sss0' 50 | option disabled 1 51 | option server '192.168.1.3' 52 | option server_port '9001' 53 | option password '********' 54 | option method 'aes-256-cfb' 55 | 56 | config ss_server 57 | option disabled 1 58 | option server_port '9001' 59 | option password '********' 60 | option method 'aes-256-cfb' 61 | -------------------------------------------------------------------------------- /shadowsocks-libev/files/ss-rules/chain.uc: -------------------------------------------------------------------------------- 1 | {% 2 | function get_local_verdict() { 3 | let v = o_local_default; 4 | if (v == "checkdst") { 5 | return "goto ss_rules_dst_" + proto; 6 | } else if (v == "forward") { 7 | return "goto ss_rules_forward_" + proto; 8 | } else { 9 | return null; 10 | } 11 | } 12 | 13 | function get_src_default_verdict() { 14 | let v = o_src_default; 15 | if (v == "checkdst") { 16 | return "goto ss_rules_dst_" + proto; 17 | } else if (v == "forward") { 18 | return "goto ss_rules_forward_" + proto; 19 | } else { 20 | return "accept"; 21 | } 22 | } 23 | 24 | function get_dst_default_verdict() { 25 | let v = o_dst_default; 26 | if (v == "forward") { 27 | return "goto ss_rules_forward_" + proto; 28 | } else { 29 | return "accept"; 30 | } 31 | } 32 | 33 | function get_ifnames() { 34 | let res = []; 35 | for (let ifname in split(o_ifnames, /[ \t\n]/)) { 36 | ifname = trim(ifname); 37 | if (ifname) push(res, ifname); 38 | } 39 | return res; 40 | } 41 | 42 | let type, hook, priority, redir_port; 43 | if (proto == "tcp") { 44 | type = "nat"; 45 | hook = "prerouting"; 46 | priority = -1; 47 | redir_port = o_redir_tcp_port; 48 | } else if (proto == "udp") { 49 | type = "filter"; 50 | hook = "prerouting"; 51 | priority = "mangle"; 52 | redir_port = o_redir_udp_port; 53 | if (system(" 54 | set -o errexit 55 | iprr() { 56 | while ip $1 rule del fwmark 1 lookup 100 2>/dev/null; do true; done 57 | ip $1 rule add fwmark 1 lookup 100 58 | ip $1 route flush table 100 2>/dev/null || true 59 | ip $1 route add local default dev lo table 100 60 | } 61 | iprr -4 62 | iprr -6 63 | ") != 0) { 64 | return ; 65 | } 66 | } else { 67 | return; 68 | } 69 | 70 | %} 71 | {% if (redir_port): %} 72 | 73 | chain ss_rules_pre_{{ proto }} { 74 | type {{ type }} hook {{ hook }} priority {{ priority }}; 75 | meta l4proto {{ proto }}{%- let ifnames=get_ifnames(); if (length(ifnames)): %} iifname { {{join(", ", ifnames)}} }{% endif %} goto ss_rules_pre_src_{{ proto }}; 76 | } 77 | 78 | chain ss_rules_pre_src_{{ proto }} { 79 | ip daddr @ss_rules_dst_bypass_ accept; 80 | ip6 daddr @ss_rules6_dst_bypass_ accept; 81 | goto ss_rules_src_{{ proto }}; 82 | } 83 | 84 | chain ss_rules_src_{{ proto }} { 85 | ip saddr @ss_rules_src_bypass accept; 86 | ip saddr @ss_rules_src_forward goto ss_rules_forward_{{ proto }}; 87 | ip saddr @ss_rules_src_checkdst goto ss_rules_dst_{{ proto }}; 88 | ip6 saddr @ss_rules6_src_bypass accept; 89 | ip6 saddr @ss_rules6_src_forward goto ss_rules_forward_{{ proto }}; 90 | ip6 saddr @ss_rules6_src_checkdst goto ss_rules_dst_{{ proto }}; 91 | {{ get_src_default_verdict() }}; 92 | } 93 | 94 | chain ss_rules_dst_{{ proto }} { 95 | ip daddr @ss_rules_dst_bypass accept; 96 | ip daddr @ss_rules_dst_forward goto ss_rules_forward_{{ proto }}; 97 | ip6 daddr @ss_rules6_dst_bypass accept; 98 | ip6 daddr @ss_rules6_dst_forward goto ss_rules_forward_{{ proto }}; 99 | {{ get_dst_default_verdict() }}; 100 | } 101 | 102 | {% if (proto == "tcp"): %} 103 | chain ss_rules_forward_{{ proto }} { 104 | meta l4proto tcp {{ o_nft_tcp_extra }} redirect to :{{ redir_port }}; 105 | } 106 | {% let local_verdict = get_local_verdict(); if (local_verdict): %} 107 | chain ss_rules_local_out { 108 | type {{ type }} hook output priority -1; 109 | meta l4proto != tcp accept; 110 | ip daddr @ss_rules_dst_bypass_ accept; 111 | ip daddr @ss_rules_dst_bypass accept; 112 | ip6 daddr @ss_rules6_dst_bypass_ accept; 113 | ip6 daddr @ss_rules6_dst_bypass accept; 114 | {{ local_verdict }}; 115 | } 116 | {% endif %} 117 | {% elif (proto == "udp"): %} 118 | chain ss_rules_forward_{{ proto }} { 119 | meta l4proto udp {{ o_nft_udp_extra }} meta mark set 1 tproxy to :{{ redir_port }}; 120 | } 121 | {% endif %} 122 | {% endif %} 123 | -------------------------------------------------------------------------------- /shadowsocks-libev/files/ss-rules/set.uc: -------------------------------------------------------------------------------- 1 | {% 2 | let fs = require("fs"); 3 | 4 | let o_dst_bypass4_ = " 5 | 0.0.0.0/8 6 | 10.0.0.0/8 7 | 100.64.0.0/10 8 | 127.0.0.0/8 9 | 169.254.0.0/16 10 | 172.16.0.0/12 11 | 192.0.0.0/24 12 | 192.0.2.0/24 13 | 192.31.196.0/24 14 | 192.52.193.0/24 15 | 192.88.99.0/24 16 | 192.168.0.0/16 17 | 192.175.48.0/24 18 | 198.18.0.0/15 19 | 198.51.100.0/24 20 | 203.0.113.0/24 21 | 224.0.0.0/4 22 | 240.0.0.0/4 23 | "; 24 | let o_dst_bypass6_ = " 25 | ::1/128 26 | ::/128 27 | ::ffff:0:0/96 28 | 64:ff9b:1::/48 29 | 100::/64 30 | fe80::/10 31 | 2001::/23 32 | fc00::/7 33 | "; 34 | let o_dst_bypass_ = o_dst_bypass4_ + " " + o_dst_bypass6_; 35 | 36 | let set_suffix = { 37 | "src_bypass": { 38 | str: o_src_bypass, 39 | }, 40 | "src_forward": { 41 | str: o_src_forward, 42 | }, 43 | "src_checkdst": { 44 | str: o_src_checkdst, 45 | }, 46 | "dst_bypass": { 47 | str: o_dst_bypass + " " + o_remote_servers, 48 | file: o_dst_bypass_file, 49 | }, 50 | "dst_bypass_": { 51 | str: o_dst_bypass_, 52 | }, 53 | "dst_forward": { 54 | str: o_dst_forward, 55 | file: o_dst_forward_file, 56 | }, 57 | "dst_forward_rrst_": {}, 58 | }; 59 | 60 | function set_name(suf, af) { 61 | if (af == 4) { 62 | return "ss_rules_"+suf; 63 | } else { 64 | return "ss_rules6_"+suf; 65 | } 66 | } 67 | 68 | function set_elements_parse(res, str, af) { 69 | for (let addr in split(str, /[ \t\n]/)) { 70 | addr = trim(addr); 71 | if (!addr) continue; 72 | if (af == 4 && index(addr, ":") != -1) continue; 73 | if (af == 6 && index(addr, ":") == -1) continue; 74 | push(res, addr); 75 | } 76 | } 77 | 78 | function set_elements(suf, af) { 79 | let obj = set_suffix[suf]; 80 | let res = []; 81 | let addr; 82 | 83 | let str = obj["str"]; 84 | if (str) { 85 | set_elements_parse(res, str, af); 86 | } 87 | 88 | let file = obj["file"]; 89 | if (file) { 90 | let fd = fs.open(file); 91 | if (fd) { 92 | str = fd.read("all"); 93 | set_elements_parse(res, str, af); 94 | } 95 | } 96 | 97 | return res; 98 | } 99 | %} 100 | 101 | {% for (let suf in set_suffix): for (let af in [4, 6]): %} 102 | set {{ set_name(suf, af) }} { 103 | type ipv{{af}}_addr; 104 | flags interval; 105 | auto-merge; 106 | {% let elems = set_elements(suf, af); if (length(elems)): %} 107 | elements = { 108 | {% for (let i = 0; i < length(elems); i++): %} 109 | {{ elems[i] }}{% if (i < length(elems) - 1): %},{% endif %}{% print("\n") %} 110 | {% endfor %} 111 | } 112 | {% endif %} 113 | } 114 | {% endfor; endfor %} 115 | -------------------------------------------------------------------------------- /shadowsocks-libev/files/ss-rules/ss-rules.uc: -------------------------------------------------------------------------------- 1 | {% 2 | 3 | include("set.uc"); 4 | include("chain.uc", {proto: "tcp"}); 5 | include("chain.uc", {proto: "udp"}); 6 | 7 | %} 8 | 9 | -------------------------------------------------------------------------------- /shadowsocks-libev/patches/101-Fix-mishandling-of-incoming-socket-buffer.-It-must-b.patch: -------------------------------------------------------------------------------- 1 | From 8be7a7cb00b9540e9be05d409191b0bc1ba424f0 Mon Sep 17 00:00:00 2001 2 | From: notsure2 3 | Date: Mon, 11 Dec 2023 09:15:47 +0200 4 | Subject: [PATCH] Fix mishandling of incoming socket buffer. It must be set on 5 | the listening socket not the accepted socket. 6 | 7 | --- 8 | src/local.c | 16 ++++++++-------- 9 | src/redir.c | 16 ++++++++-------- 10 | src/server.c | 16 ++++++++-------- 11 | src/tunnel.c | 16 ++++++++-------- 12 | 4 files changed, 32 insertions(+), 32 deletions(-) 13 | 14 | --- a/src/local.c 15 | +++ b/src/local.c 16 | @@ -205,6 +205,14 @@ create_and_bind(const char *addr, const 17 | } 18 | } 19 | 20 | + if (tcp_incoming_sndbuf > 0) { 21 | + setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); 22 | + } 23 | + 24 | + if (tcp_incoming_rcvbuf > 0) { 25 | + setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); 26 | + } 27 | + 28 | s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen); 29 | if (s == 0) { 30 | /* We managed to bind successfully! */ 31 | @@ -1406,14 +1414,6 @@ accept_cb(EV_P_ ev_io *w, int revents) 32 | setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); 33 | #endif 34 | 35 | - if (tcp_incoming_sndbuf > 0) { 36 | - setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); 37 | - } 38 | - 39 | - if (tcp_incoming_rcvbuf > 0) { 40 | - setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); 41 | - } 42 | - 43 | server_t *server = new_server(serverfd); 44 | server->listener = listener; 45 | 46 | --- a/src/redir.c 47 | +++ b/src/redir.c 48 | @@ -201,6 +201,14 @@ create_and_bind(const char *addr, const 49 | LOGI("tcp tproxy mode enabled"); 50 | } 51 | 52 | + if (tcp_incoming_sndbuf > 0) { 53 | + setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); 54 | + } 55 | + 56 | + if (tcp_incoming_rcvbuf > 0) { 57 | + setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); 58 | + } 59 | + 60 | s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen); 61 | if (s == 0) { 62 | /* We managed to bind successfully! */ 63 | @@ -759,14 +767,6 @@ accept_cb(EV_P_ ev_io *w, int revents) 64 | setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); 65 | #endif 66 | 67 | - if (tcp_incoming_sndbuf > 0) { 68 | - setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); 69 | - } 70 | - 71 | - if (tcp_incoming_rcvbuf > 0) { 72 | - setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); 73 | - } 74 | - 75 | int index = rand() % listener->remote_num; 76 | struct sockaddr *remote_addr = listener->remote_addr[index]; 77 | 78 | --- a/src/server.c 79 | +++ b/src/server.c 80 | @@ -620,6 +620,14 @@ create_and_bind(const char *host, const 81 | } 82 | } 83 | 84 | + if (tcp_incoming_sndbuf > 0) { 85 | + setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); 86 | + } 87 | + 88 | + if (tcp_incoming_rcvbuf > 0) { 89 | + setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); 90 | + } 91 | + 92 | // Enable out-of-tree mptcp 93 | if (mptcp == 1) { 94 | int i = 0; 95 | @@ -1769,14 +1777,6 @@ accept_cb(EV_P_ ev_io *w, int revents) 96 | setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); 97 | #endif 98 | 99 | - if (tcp_incoming_sndbuf > 0) { 100 | - setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); 101 | - } 102 | - 103 | - if (tcp_incoming_rcvbuf > 0) { 104 | - setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); 105 | - } 106 | - 107 | setnonblocking(serverfd); 108 | 109 | server_t *server = new_server(serverfd, listener); 110 | --- a/src/tunnel.c 111 | +++ b/src/tunnel.c 112 | @@ -166,6 +166,14 @@ create_and_bind(const char *addr, const 113 | } 114 | } 115 | 116 | + if (tcp_incoming_sndbuf > 0) { 117 | + setsockopt(listen_sock, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); 118 | + } 119 | + 120 | + if (tcp_incoming_rcvbuf > 0) { 121 | + setsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); 122 | + } 123 | + 124 | s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen); 125 | if (s == 0) { 126 | /* We managed to bind successfully! */ 127 | @@ -725,14 +733,6 @@ accept_cb(EV_P_ ev_io *w, int revents) 128 | setsockopt(serverfd, SOL_SOCKET, SO_NOSIGPIPE, &opt, sizeof(opt)); 129 | #endif 130 | 131 | - if (tcp_incoming_sndbuf > 0) { 132 | - setsockopt(serverfd, SOL_SOCKET, SO_SNDBUF, &tcp_incoming_sndbuf, sizeof(int)); 133 | - } 134 | - 135 | - if (tcp_incoming_rcvbuf > 0) { 136 | - setsockopt(serverfd, SOL_SOCKET, SO_RCVBUF, &tcp_incoming_rcvbuf, sizeof(int)); 137 | - } 138 | - 139 | int index = rand() % listener->remote_num; 140 | struct sockaddr *remote_addr = listener->remote_addr[index]; 141 | 142 | -------------------------------------------------------------------------------- /shadowsocks-libev/patches/102-deprecate-load16-be-replace-with-ntohs.patch: -------------------------------------------------------------------------------- 1 | From f4ee43fa27e00a573d90a8cac68f12655570bbf7 Mon Sep 17 00:00:00 2001 2 | From: lwb1978 <86697442+lwb1978@users.noreply.github.com> 3 | Date: Tue, 4 Feb 2025 15:51:17 +0800 4 | Subject: [PATCH] Deprecate load16_be() function in favor to ntohs() function 5 | 6 | --- 7 | src/aead.c | 2 +- 8 | src/local.c | 6 +++--- 9 | src/server.c | 2 +- 10 | src/udprelay.c | 2 +- 11 | src/utils.c | 8 -------- 12 | src/utils.h | 1 - 13 | 6 files changed, 6 insertions(+), 15 deletions(-) 14 | 15 | --- a/src/aead.c 16 | +++ b/src/aead.c 17 | @@ -605,7 +605,7 @@ aead_chunk_decrypt(cipher_ctx_t *ctx, ui 18 | return CRYPTO_ERROR; 19 | assert(*plen == CHUNK_SIZE_LEN); 20 | 21 | - mlen = load16_be(len_buf); 22 | + mlen = ntohs(*(uint16_t*)len_buf); 23 | mlen = mlen & CHUNK_SIZE_MASK; 24 | 25 | if (mlen == 0) 26 | --- a/src/local.c 27 | +++ b/src/local.c 28 | @@ -390,7 +390,7 @@ server_handshake(EV_P_ ev_io *w, buffer_ 29 | abuf->len += in_addr_len + 2; 30 | 31 | if (acl || verbose) { 32 | - uint16_t p = load16_be(buf->data + request_len + in_addr_len); 33 | + uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + in_addr_len)); 34 | if (!inet_ntop(AF_INET, (const void *)(buf->data + request_len), 35 | ip, INET_ADDRSTRLEN)) { 36 | LOGI("inet_ntop(AF_INET): %s", strerror(errno)); 37 | @@ -408,7 +408,7 @@ server_handshake(EV_P_ ev_io *w, buffer_ 38 | abuf->len += name_len + 2; 39 | 40 | if (acl || verbose) { 41 | - uint16_t p = load16_be(buf->data + request_len + 1 + name_len); 42 | + uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + 1 + name_len)); 43 | memcpy(host, buf->data + request_len + 1, name_len); 44 | host[name_len] = '\0'; 45 | sprintf(port, "%d", p); 46 | @@ -422,7 +422,7 @@ server_handshake(EV_P_ ev_io *w, buffer_ 47 | abuf->len += in6_addr_len + 2; 48 | 49 | if (acl || verbose) { 50 | - uint16_t p = load16_be(buf->data + request_len + in6_addr_len); 51 | + uint16_t p = ntohs(*(uint16_t*)(buf->data + request_len + in6_addr_len)); 52 | if (!inet_ntop(AF_INET6, (const void *)(buf->data + request_len), 53 | ip, INET6_ADDRSTRLEN)) { 54 | LOGI("inet_ntop(AF_INET6): %s", strerror(errno)); 55 | --- a/src/server.c 56 | +++ b/src/server.c 57 | @@ -1137,7 +1137,7 @@ server_recv_cb(EV_P_ ev_io *w, int reven 58 | return; 59 | } 60 | 61 | - port = ntohs(load16_be(server->buf->data + offset)); 62 | + port = *(uint16_t*)(server->buf->data + offset); 63 | 64 | offset += 2; 65 | 66 | --- a/src/udprelay.c 67 | +++ b/src/udprelay.c 68 | @@ -316,7 +316,7 @@ parse_udprelay_header(const char *buf, c 69 | } 70 | 71 | if (port != NULL) { 72 | - sprintf(port, "%d", load16_be(buf + offset)); 73 | + sprintf(port, "%d", ntohs(*(uint16_t*)(buf + offset))); 74 | } 75 | offset += 2; 76 | 77 | --- a/src/utils.c 78 | +++ b/src/utils.c 79 | @@ -571,14 +571,6 @@ get_default_conf(void) 80 | #endif 81 | } 82 | 83 | -uint16_t 84 | -load16_be(const void *s) 85 | -{ 86 | - const uint8_t *in = (const uint8_t *)s; 87 | - return ((uint16_t)in[0] << 8) 88 | - | ((uint16_t)in[1]); 89 | -} 90 | - 91 | int 92 | get_mptcp(int enable) 93 | { 94 | --- a/src/utils.h 95 | +++ b/src/utils.h 96 | @@ -249,7 +249,6 @@ void *ss_realloc(void *ptr, size_t new_s 97 | 98 | int ss_is_ipv6addr(const char *addr); 99 | char *get_default_conf(void); 100 | -uint16_t load16_be(const void *s); 101 | int get_mptcp(int enable); 102 | 103 | #endif // _UTILS_H 104 | -------------------------------------------------------------------------------- /shadowsocks-rust/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-2.0-only 2 | # 3 | # Copyright (C) 2017-2020 Yousong Zhou 4 | # Copyright (C) 2021-2023 ImmortalWrt.org 5 | 6 | include $(TOPDIR)/rules.mk 7 | 8 | PKG_NAME:=shadowsocks-rust 9 | PKG_VERSION:=1.23.4 10 | PKG_RELEASE:=1 11 | 12 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 13 | PKG_SOURCE_URL:=https://codeload.github.com/shadowsocks/shadowsocks-rust/tar.gz/v$(PKG_VERSION)? 14 | PKG_HASH:=8a91836256989e3a56409d0e83da6549ecf727e2d6642cd4e707993d9c8a23d3 15 | 16 | PKG_MAINTAINER:=Tianling Shen 17 | PKG_LICENSE:=MIT 18 | PKG_LICENSE_FILES:=LICENSE 19 | 20 | PKG_BUILD_DEPENDS:=rust/host 21 | PKG_BUILD_PARALLEL:=1 22 | 23 | RUST_PKG_FEATURES:=local-redir 24 | 25 | include $(INCLUDE_DIR)/package.mk 26 | include $(TOPDIR)/feeds/packages/lang/rust/rust-package.mk 27 | 28 | define Package/shadowsocks-rust/Default 29 | define Package/shadowsocks-rust-$(1) 30 | SECTION:=net 31 | CATEGORY:=Network 32 | SUBMENU:=Web Servers/Proxies 33 | TITLE:=shadowsocks-rust $(1) 34 | URL:=https://github.com/shadowsocks/shadowsocks-rust 35 | DEPENDS:=$$(RUST_ARCH_DEPENDS) 36 | endef 37 | 38 | define Package/shadowsocks-rust-$(1)/install 39 | $$(INSTALL_DIR) $$(1)/usr/bin 40 | $$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/bin/$(1) $$(1)/usr/bin/ 41 | endef 42 | endef 43 | 44 | SHADOWSOCKS_COMPONENTS:=sslocal ssmanager ssserver ssurl ssservice 45 | define shadowsocks-rust/templates 46 | $(foreach component,$(SHADOWSOCKS_COMPONENTS), 47 | $(call Package/shadowsocks-rust/Default,$(component)) 48 | ) 49 | endef 50 | $(eval $(call shadowsocks-rust/templates)) 51 | 52 | $(foreach component,$(SHADOWSOCKS_COMPONENTS), \ 53 | $(eval $(call BuildPackage,shadowsocks-rust-$(component))) \ 54 | ) 55 | -------------------------------------------------------------------------------- /shadowsocksr-libev/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-2.0-only 2 | # 3 | # Copyright (C) 2017-2020 Yousong Zhou 4 | # Copyright (C) 2018 Lean 5 | # Copyright (C) 2021 ImmortalWrt.org 6 | 7 | include $(TOPDIR)/rules.mk 8 | 9 | PKG_NAME:=shadowsocksr-libev 10 | PKG_VERSION:=2.5.6 11 | PKG_RELEASE:=11 12 | 13 | PKG_SOURCE_PROTO:=git 14 | PKG_SOURCE_URL:=https://github.com/shadowsocksrr/shadowsocksr-libev.git 15 | PKG_SOURCE_DATE:=2018-03-07 16 | PKG_SOURCE_VERSION:=d63ff863800a5645aca4309d5dd5962bd1e95543 17 | PKG_MIRROR_HASH:=34308ed827a5dd4f4e35619914102d55b00604faa44fda051d1d25fb4a319325 18 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.xz 19 | 20 | PKG_LICENSE:=GPL-3.0 21 | PKG_LICENSE_FILES:=LICENSE 22 | 23 | PKG_FIXUP:=autoreconf 24 | PKG_USE_MIPS16:=0 25 | PKG_BUILD_FLAGS:=no-mips16 26 | PKG_BUILD_PARALLEL:=1 27 | PKG_INSTALL:=1 28 | 29 | include $(INCLUDE_DIR)/package.mk 30 | 31 | define Package/shadowsocksr-libev/Default 32 | define Package/shadowsocksr-libev-ssr-$(1) 33 | SECTION:=net 34 | CATEGORY:=Network 35 | SUBMENU:=Web Servers/Proxies 36 | TITLE:=shadowsocksr-libev ssr-$(1) 37 | URL:=https://github.com/shadowsocksrr/shadowsocksr-libev 38 | DEPENDS:=+libev +libsodium +libopenssl +libpthread +libpcre2 +libudns +zlib 39 | endef 40 | 41 | define Package/shadowsocksr-libev-ssr-$(1)/install 42 | $$(INSTALL_DIR) $$(1)/usr/bin 43 | $$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/bin/ss-$(1) $$(1)/usr/bin/ssr-$(1) 44 | endef 45 | endef 46 | 47 | SHADOWSOCKSR_COMPONENTS:=check local nat redir server 48 | define shadowsocksr-libev/templates 49 | $(foreach component,$(SHADOWSOCKSR_COMPONENTS), 50 | $(call Package/shadowsocksr-libev/Default,$(component)) 51 | ) 52 | endef 53 | $(eval $(call shadowsocksr-libev/templates)) 54 | 55 | CONFIGURE_ARGS += \ 56 | --disable-documentation \ 57 | --disable-ssp \ 58 | --disable-assert \ 59 | --enable-system-shared-lib 60 | 61 | TARGET_CFLAGS += -flto 62 | TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed 63 | 64 | $(foreach component,$(SHADOWSOCKSR_COMPONENTS), \ 65 | $(eval $(call BuildPackage,shadowsocksr-libev-ssr-$(component))) \ 66 | ) 67 | -------------------------------------------------------------------------------- /shadowsocksr-libev/patches/0002-Revert-verify_simple-and-auth_simple.patch: -------------------------------------------------------------------------------- 1 | --- a/src/obfs/obfs.c 2 | +++ b/src/obfs/obfs.c 3 | @@ -88,7 +88,7 @@ obfs_class *new_obfs_class(const char *p 4 | plugin->client_decode = tls12_ticket_auth_client_decode; 5 | 6 | return plugin; 7 | - /*} else if (strcmp(plugin_name, "verify_simple") == 0) { 8 | + } else if (strcmp(plugin_name, "verify_simple") == 0) { 9 | obfs_class * plugin = (obfs_class*)malloc(sizeof(obfs_class)); 10 | plugin->init_data = init_data; 11 | plugin->new_obfs = verify_simple_new_obfs; 12 | @@ -115,7 +115,7 @@ obfs_class *new_obfs_class(const char *p 13 | plugin->client_udp_pre_encrypt = NULL; 14 | plugin->client_udp_post_decrypt = NULL; 15 | 16 | - return plugin;*/ 17 | + return plugin; 18 | } else if (strcmp(plugin_name, "auth_sha1") == 0) { 19 | obfs_class *plugin = (obfs_class *) malloc(sizeof(obfs_class)); 20 | plugin->init_data = auth_simple_init_data; 21 | -------------------------------------------------------------------------------- /shadowsocksr-libev/patches/0003-Refine-Usage.patch: -------------------------------------------------------------------------------- 1 | --- a/src/utils.c 2 | +++ b/src/utils.c 3 | @@ -258,8 +258,6 @@ usage() 4 | { 5 | printf("\n"); 6 | printf("shadowsocks-libev %s with %s\n\n", VERSION, USING_CRYPTO); 7 | - printf( 8 | - " maintained by Max Lv and Linus Yang \n\n"); 9 | printf(" usage:\n\n"); 10 | #ifdef MODULE_LOCAL 11 | printf(" ss-local\n"); 12 | @@ -299,6 +297,25 @@ usage() 13 | " The default cipher is rc4-md5.\n"); 14 | printf("\n"); 15 | printf( 16 | + " -o Obfs of your remote server: plain,\n"); 17 | + printf( 18 | + " http_simple, http_post and tls1.2_ticket_auth.\n"); 19 | + printf( 20 | + " -g Obfs-Param of your remote server.\n"); 21 | + printf( 22 | + " -O Protocol of your remote server: origin,\n"); 23 | + printf( 24 | + " auth_sha1, auth_sha1_v2, auth_sha1_v4,\n"); 25 | + printf( 26 | + " auth_aes128_md5, auth_aes128_sha1,\n"); 27 | + printf( 28 | + " auth_chain_a, auth_chain_b, auth_chain_c,\n"); 29 | + printf( 30 | + " auth_chain_d, auth_chain_e and auth_chain_f.\n"); 31 | + printf( 32 | + " -G Protocol-Param of your remote server.\n"); 33 | + printf("\n"); 34 | + printf( 35 | " [-a ] Run as another user.\n"); 36 | printf( 37 | " [-f ] The file path to store pid.\n"); 38 | -------------------------------------------------------------------------------- /shadowsocksr-libev/patches/100-fix-gcc-10.patch: -------------------------------------------------------------------------------- 1 | --- a/src/http.h 2 | +++ b/src/http.h 3 | @@ -29,6 +29,6 @@ 4 | #include 5 | #include "protocol.h" 6 | 7 | -const protocol_t *const http_protocol; 8 | +extern const protocol_t *const http_protocol; 9 | 10 | #endif 11 | --- a/src/tls.h 12 | +++ b/src/tls.h 13 | @@ -28,6 +28,6 @@ 14 | 15 | #include "protocol.h" 16 | 17 | -const protocol_t *const tls_protocol; 18 | +extern const protocol_t *const tls_protocol; 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /shadowsocksr-libev/patches/101-Fix-Werror-sizeof-pointer-memaccess.patch: -------------------------------------------------------------------------------- 1 | --- a/src/local.c 2 | +++ b/src/local.c 3 | @@ -718,7 +718,7 @@ server_recv_cb(EV_P_ ev_io *w, int reven 4 | 5 | ss_free(hostname); 6 | } else { 7 | - strncpy(host, ip, sizeof(ip)); 8 | + strncpy(host, ip, INET6_ADDRSTRLEN); 9 | } 10 | } 11 | 12 | -------------------------------------------------------------------------------- /shadowsocksr-libev/patches/102-Read-listening-mode-from-config.patch: -------------------------------------------------------------------------------- 1 | --- a/src/jconf.c 2 | +++ b/src/jconf.c 3 | @@ -259,6 +259,19 @@ read_jconf(const char *file) 4 | conf.server_legacy.obfs = to_string(value); 5 | } else if (strcmp(name, "obfs_param") == 0) { // SSR 6 | conf.server_legacy.obfs_param = to_string(value); 7 | + } else if (strcmp(name, "mode") == 0) { 8 | + char *mode_str = to_string(value); 9 | + 10 | + if (strcmp(mode_str, "tcp_only") == 0) 11 | + conf.mode = TCP_ONLY; 12 | + else if (strcmp(mode_str, "tcp_and_udp") == 0) 13 | + conf.mode = TCP_AND_UDP; 14 | + else if (strcmp(mode_str, "udp_only") == 0) 15 | + conf.mode = UDP_ONLY; 16 | + else 17 | + LOGI("ignore unknown mode: %s, use tcp_only as fallback", 18 | + mode_str); 19 | + ss_free(mode_str); 20 | } else { 21 | match = 0; 22 | } 23 | --- a/src/redir.c 24 | +++ b/src/redir.c 25 | @@ -1252,6 +1252,9 @@ main(int argc, char **argv) 26 | if (user == NULL) { 27 | user = conf->user; 28 | } 29 | + if (mode == TCP_ONLY) { 30 | + mode = conf->mode; 31 | + } 32 | if (mtu == 0) { 33 | mtu = conf->mtu; 34 | } 35 | -------------------------------------------------------------------------------- /shadowsocksr-libev/patches/103-Add-TPROXY-support-for-TCP-ssr-redir.patch: -------------------------------------------------------------------------------- 1 | --- a/completions/bash/ss-redir 2 | +++ b/completions/bash/ss-redir 3 | @@ -2,7 +2,7 @@ _ss_redir() 4 | { 5 | local cur prev opts ciphers 6 | ciphers='rc4-md5 table rc4 aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr bf-cfb camellia-128-cfb camellia-192-cfb camellia-256-cfb cast5-cfb des-cfb idea-cfb rc2-cfb seed-cfb salsa20 chacha20 and chacha20-ietf' 7 | - opts='-s -b -p -k -f -t -m -c -a -n -u -U -v -h -A --mtu --help --mptcp -l' 8 | + opts='-s -b -p -k -f -t -m -c -a -n -u -U -T -v -h -A --mtu --help --mptcp -l' 9 | cur=${COMP_WORDS[COMP_CWORD]} 10 | prev="${COMP_WORDS[COMP_CWORD-1]}" 11 | case "$prev" in 12 | --- a/src/jconf.c 13 | +++ b/src/jconf.c 14 | @@ -338,7 +338,11 @@ read_jconf(const char *file) 15 | check_json_value_type(value, json_boolean, 16 | "invalid config file: option 'ipv6_first' must be a boolean"); 17 | conf.ipv6_first = value->u.boolean; 18 | - } 19 | + } else if (strcmp(name, "tcp_tproxy") == 0) { 20 | + check_json_value_type(value, json_boolean, 21 | + "invalid config file: option 'tcp_tproxy' must be a boolean"); 22 | + conf.tcp_tproxy = value->u.boolean; 23 | + } 24 | } 25 | } 26 | } else { 27 | --- a/src/jconf.h 28 | +++ b/src/jconf.h 29 | @@ -105,6 +105,7 @@ typedef struct { 30 | int mtu; 31 | int mptcp; 32 | int ipv6_first; 33 | + int tcp_tproxy; 34 | } jconf_t; 35 | 36 | jconf_t *read_jconf(const char *file); 37 | --- a/src/redir.c 38 | +++ b/src/redir.c 39 | @@ -71,6 +71,14 @@ 40 | #define IP6T_SO_ORIGINAL_DST 80 41 | #endif 42 | 43 | +#ifndef IP_TRANSPARENT 44 | +#define IP_TRANSPARENT 19 45 | +#endif 46 | + 47 | +#ifndef IPV6_TRANSPARENT 48 | +#define IPV6_TRANSPARENT 75 49 | +#endif 50 | + 51 | #include "includeobfs.h" // I don't want to modify makefile 52 | #include "jconf.h" 53 | 54 | @@ -101,18 +109,28 @@ static struct cork_dllist inactive_profi 55 | static listen_ctx_t *current_profile; 56 | static struct cork_dllist all_connections; 57 | 58 | +static int tcp_tproxy = 0; /* use tproxy instead of redirect (for tcp) */ 59 | + 60 | int 61 | getdestaddr(int fd, struct sockaddr_storage *destaddr) 62 | { 63 | socklen_t socklen = sizeof(*destaddr); 64 | int error = 0; 65 | 66 | - error = getsockopt(fd, SOL_IPV6, IP6T_SO_ORIGINAL_DST, destaddr, &socklen); 67 | - if (error) { // Didn't find a proper way to detect IP version. 68 | - error = getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, destaddr, &socklen); 69 | - if (error) { 70 | - return -1; 71 | - } 72 | + if (tcp_tproxy) { 73 | + error = getsockname(fd, (void *)destaddr, &socklen); 74 | + } else { 75 | + error = getsockopt(fd, SOL_IPV6, IP6T_SO_ORIGINAL_DST, destaddr, &socklen); 76 | + if (error) { // Didn't find a proper way to detect IP version. 77 | + error = getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, destaddr, &socklen); 78 | + if (error) { 79 | + return -1; 80 | + } 81 | + } 82 | + } 83 | + 84 | + if (error) { 85 | + return -1; 86 | } 87 | return 0; 88 | } 89 | @@ -164,6 +182,23 @@ create_and_bind(const char *addr, const 90 | if (err == 0) { 91 | LOGI("tcp port reuse enabled"); 92 | } 93 | + 94 | + if (tcp_tproxy) { 95 | + int level = 0, optname = 0; 96 | + if (rp->ai_family == AF_INET) { 97 | + level = IPPROTO_IP; 98 | + optname = IP_TRANSPARENT; 99 | + } else { 100 | + level = IPPROTO_IPV6; 101 | + optname = IPV6_TRANSPARENT; 102 | + } 103 | + 104 | + if (setsockopt(listen_sock, level, optname, &opt, sizeof(opt)) != 0) { 105 | + ERROR("setsockopt IP_TRANSPARENT"); 106 | + exit(EXIT_FAILURE); 107 | + } 108 | + LOGI("tcp tproxy mode enabled"); 109 | + } 110 | 111 | s = bind(listen_sock, rp->ai_addr, rp->ai_addrlen); 112 | if (s == 0) { 113 | @@ -1094,7 +1129,7 @@ main(int argc, char **argv) 114 | 115 | USE_TTY(); 116 | 117 | - while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUvA6" 118 | + while ((c = getopt_long(argc, argv, "f:s:p:l:k:t:m:c:b:a:n:huUTvA6" 119 | "O:o:G:g:", 120 | long_options, &option_index)) != -1) { 121 | switch (c) { 122 | @@ -1169,6 +1204,9 @@ main(int argc, char **argv) 123 | case 'U': 124 | mode = UDP_ONLY; 125 | break; 126 | + case 'T': 127 | + tcp_tproxy = 1; 128 | + break; 129 | case 'v': 130 | verbose = 1; 131 | break; 132 | @@ -1255,6 +1293,9 @@ main(int argc, char **argv) 133 | if (mode == TCP_ONLY) { 134 | mode = conf->mode; 135 | } 136 | + if (tcp_tproxy == 0) { 137 | + tcp_tproxy = conf->tcp_tproxy; 138 | + } 139 | if (mtu == 0) { 140 | mtu = conf->mtu; 141 | } 142 | --- a/src/utils.c 143 | +++ b/src/utils.c 144 | @@ -342,6 +342,10 @@ usage() 145 | #endif 146 | printf( 147 | " [-U] Enable UDP relay and disable TCP relay.\n"); 148 | +#ifdef MODULE_REDIR 149 | + printf( 150 | + " [-T] Use tproxy instead of redirect (for tcp).\n"); 151 | +#endif 152 | #ifdef MODULE_REMOTE 153 | printf( 154 | " [-6] Resovle hostname to IPv6 address first.\n"); 155 | -------------------------------------------------------------------------------- /shadowsocksr-libev/patches/104-fix-use-after-free.patch: -------------------------------------------------------------------------------- 1 | From 445a484de9c9bf801572d970f45ad0e11a18e35d Mon Sep 17 00:00:00 2001 2 | From: MoetaYuko 3 | Date: Sun, 31 Mar 2024 19:06:59 +0800 4 | Subject: [PATCH] shadowsocksr-libev: fix use-after-free due to a typo (#193) 5 | 6 | --- 7 | shadowsocksr-libev/src/server/server.c | 2 +- 8 | 1 file changed, 1 insertion(+), 1 deletion(-) 9 | 10 | --- a/server/server.c 11 | +++ b/server/server.c 12 | @@ -1943,7 +1943,7 @@ main(int argc, char **argv) 13 | memcpy(text, protocol, strlen(protocol) - 11); 14 | int length = strlen(protocol) - 11; 15 | free(protocol); 16 | - obfs = (char*)malloc(length); 17 | + protocol = (char*)malloc(length); 18 | memset(protocol, 0x00, length); 19 | memcpy(protocol, text, length); 20 | LOGI("protocol compatible enable, %s", protocol); 21 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/Makefile.am: -------------------------------------------------------------------------------- 1 | VERSION_INFO = 2:0:0 2 | 3 | AM_CFLAGS = -g -O2 -Wall -Werror -Wno-deprecated-declarations -fno-strict-aliasing -std=gnu99 -D_GNU_SOURCE 4 | AM_CFLAGS += $(PTHREAD_CFLAGS) 5 | if !USE_SYSTEM_SHARED_LIB 6 | AM_CFLAGS += -I$(top_srcdir)/libev 7 | AM_CFLAGS += -I$(top_srcdir)/libudns 8 | AM_CFLAGS += -I$(top_srcdir)/libsodium/src/libsodium/include 9 | endif 10 | AM_CFLAGS += -I$(top_srcdir)/libipset/include 11 | AM_CFLAGS += -I$(top_srcdir)/libcork/include 12 | AM_CFLAGS += $(LIBPCRE_CFLAGS) 13 | 14 | SS_COMMON_LIBS = $(top_builddir)/libipset/libipset.la \ 15 | $(top_builddir)/libcork/libcork.la \ 16 | $(INET_NTOP_LIB) $(LIBPCRE_LIBS) 17 | if USE_SYSTEM_SHARED_LIB 18 | SS_COMMON_LIBS += -lev -lsodium -lm 19 | else 20 | SS_COMMON_LIBS += $(top_builddir)/libev/libev.la \ 21 | $(top_builddir)/libsodium/src/libsodium/libsodium.la 22 | endif 23 | 24 | bin_PROGRAMS = ss-server ss-check 25 | 26 | sni_src = http.c \ 27 | tls.c \ 28 | rule.c 29 | 30 | ss_check_SOURCES = check.c 31 | 32 | ss_server_SOURCES = utils.c \ 33 | netutils.c \ 34 | jconf.c \ 35 | json.c \ 36 | encrypt.c \ 37 | udprelay.c \ 38 | cache.c \ 39 | acl.c \ 40 | resolv.c \ 41 | server.c \ 42 | $(sni_src) 43 | 44 | 45 | ss_check_LDADD = $(SS_COMMON_LIBS) 46 | ss_server_LDADD = $(SS_COMMON_LIBS) 47 | 48 | if USE_SYSTEM_SHARED_LIB 49 | ss_server_LDADD += -ludns 50 | else 51 | ss_server_LDADD += $(top_builddir)/libudns/libudns.la 52 | endif 53 | 54 | ss_check_CFLAGS = $(AM_CFLAGS) 55 | ss_server_CFLAGS = $(AM_CFLAGS) -DMODULE_REMOTE 56 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/README.md: -------------------------------------------------------------------------------- 1 | # server 2 | 3 | `ss-server` and `ss-check` from https://github.com/ywb94/shadowsocks-libev 4 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/acl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * acl.h - Define the ACL interface 3 | * 4 | * Copyright (C) 2013 - 2016, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _ACL_H 24 | #define _ACL_H 25 | 26 | #define BLACK_LIST 0 27 | #define WHITE_LIST 1 28 | 29 | #define MAX_TRIES 64 30 | #define MALICIOUS 8 31 | #define SUSPICIOUS 4 32 | #define BAD 2 33 | #define MALFORMED 1 34 | 35 | int init_acl(const char *path); 36 | void free_acl(void); 37 | void clear_block_list(void); 38 | 39 | int acl_match_host(const char *ip); 40 | int acl_add_ip(const char *ip); 41 | int acl_remove_ip(const char *ip); 42 | 43 | int get_acl_mode(void); 44 | 45 | void init_block_list(int firewall); 46 | void free_block_list(); 47 | int check_block_list(char *addr); 48 | int update_block_list(char *addr, int err_level); 49 | int remove_from_block_list(char *addr); 50 | 51 | int outbound_block_match_host(const char *host); 52 | 53 | #endif // _ACL_H 54 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/auth.h: -------------------------------------------------------------------------------- 1 | /* 2 | * auth.h - Define shadowsocksR server's buffers and callbacks 3 | * 4 | * Copyright (C) 2015 - 2016, Break Wa11 5 | */ 6 | 7 | #ifndef _AUTH_H 8 | #define _AUTH_H 9 | 10 | void * auth_simple_init_data(); 11 | obfs * auth_simple_new_obfs(); 12 | void auth_simple_dispose(obfs *self); 13 | 14 | int auth_simple_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 15 | int auth_simple_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 16 | 17 | 18 | int auth_sha1_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 19 | int auth_sha1_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 20 | 21 | int auth_sha1_v2_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 22 | int auth_sha1_v2_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 23 | 24 | int auth_sha1_v4_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 25 | int auth_sha1_v4_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 26 | 27 | int auth_aes128_sha1_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 28 | int auth_aes128_sha1_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 29 | 30 | #endif // _AUTH_H 31 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/base64.c: -------------------------------------------------------------------------------- 1 | #include "base64.h" 2 | 3 | /* BASE 64 encode table */ 4 | static const char base64en[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 5 | 6 | #define BASE64_PAD '=' 7 | 8 | #define BASE64DE_FIRST '+' 9 | #define BASE64DE_LAST 'z' 10 | 11 | /* ASCII order for BASE 64 decode, -1 in unused character */ 12 | static const signed char base64de[] = { 13 | -1, -1, -1, -1, -1, -1, -1, -1, 14 | -1, -1, -1, -1, -1, -1, -1, -1, 15 | -1, -1, -1, -1, -1, -1, -1, -1, 16 | -1, -1, -1, -1, -1, -1, -1, -1, 17 | -1, -1, -1, -1, -1, -1, -1, -1, 18 | /* '+', ',', '-', '.', '/', */ 19 | -1, -1, -1, 62, -1, -1, -1, 63, 20 | /* '0', '1', '2', '3', '4', '5', '6', '7', */ 21 | 52, 53, 54, 55, 56, 57, 58, 59, 22 | /* '8', '9', ':', ';', '<', '=', '>', '?', */ 23 | 60, 61, -1, -1, -1, -1, -1, -1, 24 | /* '@', 'A', 'B', 'C', 'D', 'E', 'F', 'G', */ 25 | -1, 0, 1, 2, 3, 4, 5, 6, 26 | /* 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', */ 27 | 7, 8, 9, 10, 11, 12, 13, 14, 28 | /* 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', */ 29 | 15, 16, 17, 18, 19, 20, 21, 22, 30 | /* 'X', 'Y', 'Z', '[', '\', ']', '^', '_', */ 31 | 23, 24, 25, -1, -1, -1, -1, -1, 32 | /* '`', 'a', 'b', 'c', 'd', 'e', 'f', 'g', */ 33 | -1, 26, 27, 28, 29, 30, 31, 32, 34 | /* 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', */ 35 | 33, 34, 35, 36, 37, 38, 39, 40, 36 | /* 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', */ 37 | 41, 42, 43, 44, 45, 46, 47, 48, 38 | /* 'x', 'y', 'z', */ 39 | 49, 50, 51, 40 | }; 41 | 42 | int 43 | base64_encode(const unsigned char *in, unsigned int inlen, char *out) 44 | { 45 | unsigned int i, j; 46 | 47 | for (i = j = 0; i < inlen; i++) { 48 | int s = i % 3; /* from 6/gcd(6, 8) */ 49 | 50 | switch (s) { 51 | case 0: 52 | out[j++] = base64en[(in[i] >> 2) & 0x3F]; 53 | continue; 54 | case 1: 55 | out[j++] = base64en[((in[i-1] & 0x3) << 4) + ((in[i] >> 4) & 0xF)]; 56 | continue; 57 | case 2: 58 | out[j++] = base64en[((in[i-1] & 0xF) << 2) + ((in[i] >> 6) & 0x3)]; 59 | out[j++] = base64en[in[i] & 0x3F]; 60 | } 61 | } 62 | 63 | /* move back */ 64 | i -= 1; 65 | 66 | /* check the last and add padding */ 67 | if ((i % 3) == 0) { 68 | out[j++] = base64en[(in[i] & 0x3) << 4]; 69 | out[j++] = BASE64_PAD; 70 | out[j++] = BASE64_PAD; 71 | } else if ((i % 3) == 1) { 72 | out[j++] = base64en[(in[i] & 0xF) << 2]; 73 | out[j++] = BASE64_PAD; 74 | } 75 | 76 | return BASE64_OK; 77 | } 78 | 79 | int 80 | base64_decode(const char *in, unsigned int inlen, unsigned char *out) 81 | { 82 | unsigned int i, j; 83 | 84 | for (i = j = 0; i < inlen; i++) { 85 | int c; 86 | int s = i % 4; /* from 8/gcd(6, 8) */ 87 | 88 | if (in[i] == '=') 89 | return BASE64_OK; 90 | 91 | if (in[i] < BASE64DE_FIRST || in[i] > BASE64DE_LAST || 92 | (c = base64de[(int)in[i]]) == -1) 93 | return BASE64_INVALID; 94 | 95 | switch (s) { 96 | case 0: 97 | out[j] = ((unsigned int)c << 2) & 0xFF; 98 | continue; 99 | case 1: 100 | out[j++] += ((unsigned int)c >> 4) & 0x3; 101 | 102 | /* if not last char with padding */ 103 | if (i < (inlen - 3) || in[inlen - 2] != '=') 104 | out[j] = ((unsigned int)c & 0xF) << 4; 105 | continue; 106 | case 2: 107 | out[j++] += ((unsigned int)c >> 2) & 0xF; 108 | 109 | /* if not last char with padding */ 110 | if (i < (inlen - 2) || in[inlen - 1] != '=') 111 | out[j] = ((unsigned int)c & 0x3) << 6; 112 | continue; 113 | case 3: 114 | out[j++] += (unsigned char)c; 115 | } 116 | } 117 | 118 | return BASE64_OK; 119 | } 120 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/base64.h: -------------------------------------------------------------------------------- 1 | #ifndef __BASE64_H__ 2 | #define __BASE64_H__ 3 | 4 | enum {BASE64_OK = 0, BASE64_INVALID}; 5 | 6 | #define BASE64_ENCODE_OUT_SIZE(s) (((s) + 2) / 3 * 4) 7 | #define BASE64_DECODE_OUT_SIZE(s) (((s)) / 4 * 3) 8 | 9 | int 10 | base64_encode(const unsigned char *in, unsigned int inlen, char *out); 11 | 12 | int 13 | base64_decode(const char *in, unsigned int inlen, unsigned char *out); 14 | 15 | 16 | #endif /* __BASE64_H__ */ 17 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/cache.h: -------------------------------------------------------------------------------- 1 | /* 2 | * cache.h - Define the cache manager interface 3 | * 4 | * Copyright (C) 2013 - 2016, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | /* 24 | * Original Author: Oliver Lorenz (ol), olli@olorenz.org, https://olorenz.org 25 | * License: This is licensed under the same terms as uthash itself 26 | */ 27 | 28 | #ifndef _CACHE_ 29 | #define _CACHE_ 30 | 31 | #include "uthash.h" 32 | #include "ev.h" 33 | 34 | /** 35 | * A cache entry 36 | */ 37 | struct cache_entry { 38 | char *key; /** 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * shadowsocks-libev is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * shadowsocks-libev is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with shadowsocks-libev; see the file COPYING. If not, see 19 | * . 20 | */ 21 | 22 | #ifndef _COMMON_H 23 | #define _COMMON_H 24 | 25 | #define DEFAULT_CONF_PATH "/etc/shadowsocks-libev/config.json" 26 | 27 | #ifndef SOL_TCP 28 | #define SOL_TCP IPPROTO_TCP 29 | #endif 30 | 31 | #if defined(MODULE_TUNNEL) || defined(MODULE_REDIR) 32 | #define MODULE_LOCAL 33 | #endif 34 | 35 | int init_udprelay(const char *server_host, const char *server_port, 36 | #ifdef MODULE_LOCAL 37 | const struct sockaddr *remote_addr, const int remote_addr_len, 38 | #ifdef MODULE_TUNNEL 39 | const ss_addr_t tunnel_addr, 40 | #endif 41 | #endif 42 | int mtu, int method, int auth, int timeout, const char *iface, const char *protocol, const char *protocol_param); 43 | 44 | void free_udprelay(void); 45 | 46 | #ifdef ANDROID 47 | int protect_socket(int fd); 48 | int send_traffic_stat(uint64_t tx, uint64_t rx); 49 | #endif 50 | 51 | #define STAGE_ERROR -1 /* Error detected */ 52 | #define STAGE_INIT 0 /* Initial stage */ 53 | #define STAGE_HANDSHAKE 1 /* Handshake with client */ 54 | #define STAGE_PARSE 2 /* Parse the header */ 55 | #define STAGE_RESOLVE 4 /* Resolve the hostname */ 56 | #define STAGE_STREAM 5 /* Stream between client and server */ 57 | 58 | #endif // _COMMON_H 59 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/crc32.c: -------------------------------------------------------------------------------- 1 | static uint32_t crc32_table[256] = {0}; 2 | 3 | void init_crc32_table(void) { 4 | uint32_t c, i, j; 5 | if (crc32_table[0] == 0) { 6 | for (i = 0; i < 256; i++) { 7 | c = i; 8 | for (j = 0; j < 8; j++) { 9 | if (c & 1) 10 | c = 0xedb88320L ^ (c >> 1); 11 | else 12 | c = c >> 1; 13 | } 14 | crc32_table[i] = c; 15 | } 16 | } 17 | } 18 | 19 | uint32_t crc32(unsigned char *buffer, unsigned int size) { 20 | uint32_t crc = 0xFFFFFFFF; 21 | unsigned int i; 22 | for (i = 0; i < size; i++) { 23 | crc = crc32_table[(crc ^ buffer[i]) & 0xFF] ^ (crc >> 8); 24 | } 25 | return crc ^ 0xFFFFFFFF; 26 | } 27 | 28 | void fillcrc32to(unsigned char *buffer, unsigned int size, unsigned char *outbuffer) { 29 | uint32_t crc = 0xFFFFFFFF; 30 | unsigned int i; 31 | for (i = 0; i < size; i++) { 32 | crc = crc32_table[(crc ^ buffer[i]) & 0xff] ^ (crc >> 8); 33 | } 34 | crc ^= 0xFFFFFFFF; 35 | outbuffer[0] = crc; 36 | outbuffer[1] = crc >> 8; 37 | outbuffer[2] = crc >> 16; 38 | outbuffer[3] = crc >> 24; 39 | } 40 | 41 | void fillcrc32(unsigned char *buffer, unsigned int size) { 42 | uint32_t crc = 0xFFFFFFFF; 43 | unsigned int i; 44 | size -= 4; 45 | for (i = 0; i < size; i++) { 46 | crc = crc32_table[(crc ^ buffer[i]) & 0xff] ^ (crc >> 8); 47 | } 48 | buffer += size; 49 | buffer[0] = crc; 50 | buffer[1] = crc >> 8; 51 | buffer[2] = crc >> 16; 52 | buffer[3] = crc >> 24; 53 | } 54 | 55 | void adler32_short(unsigned char *buffer, unsigned int size, uint32_t *a, uint32_t *b) { 56 | for (int i = 0; i < size; i++) { 57 | *a += buffer[i]; 58 | *b += *a; 59 | } 60 | *a %= 65521; 61 | *b %= 65521; 62 | } 63 | 64 | #define NMAX 5552 65 | uint32_t adler32(unsigned char *buffer, unsigned int size) { 66 | uint32_t a = 1; 67 | uint32_t b = 0; 68 | while ( size >= NMAX ) { 69 | adler32_short(buffer, NMAX, &a, &b); 70 | buffer += NMAX; 71 | size -= NMAX; 72 | } 73 | adler32_short(buffer, size, &a, &b); 74 | return (b << 16) + a; 75 | } 76 | #undef NMAX 77 | 78 | void filladler32(unsigned char *buffer, unsigned int size) { 79 | size -= 4; 80 | uint32_t checksum = adler32(buffer, size); 81 | buffer += size; 82 | buffer[0] = checksum; 83 | buffer[1] = checksum >> 8; 84 | buffer[2] = checksum >> 16; 85 | buffer[3] = checksum >> 24; 86 | } 87 | 88 | int checkadler32(unsigned char *buffer, unsigned int size) { 89 | size -= 4; 90 | uint32_t checksum = adler32(buffer, size); 91 | buffer += size; 92 | return checksum == (((uint32_t)buffer[3] << 24) 93 | | ((uint32_t)buffer[2] << 16) 94 | | ((uint32_t)buffer[1] << 8) 95 | | (uint32_t)buffer[0]); 96 | } 97 | 98 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/http.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011 and 2012, Dustin Lundquist 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 | * POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | 27 | #ifdef HAVE_CONFIG_H 28 | #include "config.h" 29 | #endif 30 | 31 | #include 32 | #include /* malloc() */ 33 | #include /* strncpy() */ 34 | #include /* strncasecmp() */ 35 | #include /* isblank() */ 36 | 37 | #include "http.h" 38 | #include "protocol.h" 39 | 40 | #define SERVER_NAME_LEN 256 41 | 42 | static int parse_http_header(const char *, size_t, char **); 43 | static int get_header(const char *, const char *, int, char **); 44 | static int next_header(const char **, int *); 45 | 46 | static const protocol_t http_protocol_st = { 47 | .default_port = 80, 48 | .parse_packet = &parse_http_header, 49 | }; 50 | const protocol_t *const http_protocol = &http_protocol_st; 51 | 52 | /* 53 | * Parses a HTTP request for the Host: header 54 | * 55 | * Returns: 56 | * >=0 - length of the hostname and updates *hostname 57 | * caller is responsible for freeing *hostname 58 | * -1 - Incomplete request 59 | * -2 - No Host header included in this request 60 | * -3 - Invalid hostname pointer 61 | * -4 - malloc failure 62 | * < -4 - Invalid HTTP request 63 | * 64 | */ 65 | static int 66 | parse_http_header(const char *data, size_t data_len, char **hostname) 67 | { 68 | int result, i; 69 | 70 | if (hostname == NULL) 71 | return -3; 72 | 73 | if (data_len == 0) 74 | return -1; 75 | 76 | result = get_header("Host:", data, data_len, hostname); 77 | if (result < 0) 78 | return result; 79 | 80 | /* 81 | * if the user specifies the port in the request, it is included here. 82 | * Host: example.com:80 83 | * so we trim off port portion 84 | */ 85 | for (i = result - 1; i >= 0; i--) 86 | if ((*hostname)[i] == ':') { 87 | (*hostname)[i] = '\0'; 88 | result = i; 89 | break; 90 | } 91 | 92 | return result; 93 | } 94 | 95 | static int 96 | get_header(const char *header, const char *data, int data_len, char **value) 97 | { 98 | int len, header_len; 99 | 100 | header_len = strlen(header); 101 | 102 | /* loop through headers stopping at first blank line */ 103 | while ((len = next_header(&data, &data_len)) != 0) 104 | if (len > header_len && strncasecmp(header, data, header_len) == 0) { 105 | /* Eat leading whitespace */ 106 | while (header_len < len && isblank(data[header_len])) 107 | header_len++; 108 | 109 | *value = malloc(len - header_len + 1); 110 | if (*value == NULL) 111 | return -4; 112 | 113 | strncpy(*value, data + header_len, len - header_len); 114 | (*value)[len - header_len] = '\0'; 115 | 116 | return len - header_len; 117 | } 118 | 119 | /* If there is no data left after reading all the headers then we do not 120 | * have a complete HTTP request, there must be a blank line */ 121 | if (data_len == 0) 122 | return -1; 123 | 124 | return -2; 125 | } 126 | 127 | static int 128 | next_header(const char **data, int *len) 129 | { 130 | int header_len; 131 | 132 | /* perhaps we can optimize this to reuse the value of header_len, rather 133 | * than scanning twice. 134 | * Walk our data stream until the end of the header */ 135 | while (*len > 2 && (*data)[0] != '\r' && (*data)[1] != '\n') { 136 | (*len)--; 137 | (*data)++; 138 | } 139 | 140 | /* advanced past the pair */ 141 | *data += 2; 142 | *len -= 2; 143 | 144 | /* Find the length of the next header */ 145 | header_len = 0; 146 | while (*len > header_len + 1 147 | && (*data)[header_len] != '\r' 148 | && (*data)[header_len + 1] != '\n') 149 | header_len++; 150 | 151 | return header_len; 152 | } 153 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/http.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011 and 2012, Dustin Lundquist 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 | * POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef HTTP_H 27 | #define HTTP_H 28 | 29 | #include 30 | #include "protocol.h" 31 | 32 | const protocol_t *const http_protocol; 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/http_simple.h: -------------------------------------------------------------------------------- 1 | /* 2 | * http_simple.h - Define shadowsocksR server's buffers and callbacks 3 | * 4 | * Copyright (C) 2015 - 2016, Break Wa11 5 | */ 6 | 7 | #ifndef _HTTP_SIMPLE_H 8 | #define _HTTP_SIMPLE_H 9 | 10 | obfs * http_simple_new_obfs(); 11 | void http_simple_dispose(obfs *self); 12 | 13 | int http_simple_client_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity); 14 | int http_simple_client_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback); 15 | 16 | int http_post_client_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity); 17 | 18 | int http_simple_server_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity); 19 | int http_simple_server_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback); 20 | 21 | #endif // _HTTP_SIMPLE_H 22 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/jconf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * jconf.h - Define the config data structure 3 | * 4 | * Copyright (C) 2013 - 2016, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * shadowsocks-libev is free software; you can redistribute it and/or modify 8 | * it under the terms of the GNU General Public License as published by 9 | * the Free Software Foundation; either version 3 of the License, or 10 | * (at your option) any later version. 11 | * 12 | * shadowsocks-libev is distributed in the hope that it will be useful, 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 | * GNU General Public License for more details. 16 | * 17 | * You should have received a copy of the GNU General Public License 18 | * along with shadowsocks-libev; see the file COPYING. If not, see 19 | * . 20 | */ 21 | 22 | #ifndef _JCONF_H 23 | #define _JCONF_H 24 | 25 | #define MAX_PORT_NUM 1024 26 | #define MAX_REMOTE_NUM 10 27 | #define MAX_CONF_SIZE 128 * 1024 28 | #define MAX_DNS_NUM 4 29 | #define MAX_CONNECT_TIMEOUT 10 30 | #define MAX_REQUEST_TIMEOUT 60 31 | #define MIN_UDP_TIMEOUT 10 32 | 33 | #define TCP_ONLY 0 34 | #define TCP_AND_UDP 1 35 | #define UDP_ONLY 3 36 | 37 | typedef struct { 38 | char *host; 39 | char *port; 40 | } ss_addr_t; 41 | 42 | typedef struct { 43 | char *port; 44 | char *password; 45 | } ss_port_password_t; 46 | 47 | typedef struct { 48 | int remote_num; 49 | ss_addr_t remote_addr[MAX_REMOTE_NUM]; 50 | int port_password_num; 51 | ss_port_password_t port_password[MAX_PORT_NUM]; 52 | char *remote_port; 53 | char *local_addr; 54 | char *local_port; 55 | char *password; 56 | char *protocol; // SSR 57 | char *protocol_param; // SSR 58 | char *method; 59 | char *obfs; // SSR 60 | char *obfs_param; // SSR 61 | char *timeout; 62 | char *user; 63 | int auth; 64 | int fast_open; 65 | int nofile; 66 | char *nameserver; 67 | char *tunnel_address; 68 | int mode; 69 | int mtu; 70 | int mptcp; 71 | int ipv6_first; 72 | } jconf_t; 73 | 74 | jconf_t *read_jconf(const char *file); 75 | void parse_addr(const char *str, ss_addr_t *addr); 76 | void free_addr(ss_addr_t *addr); 77 | 78 | #endif // _JCONF_H 79 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/list.h: -------------------------------------------------------------------------------- 1 | #ifndef LIST_H_H 2 | #define LIST_H_H 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | typedef struct clist *List; 9 | 10 | typedef int (*compare)(void *ndata, void *data); 11 | typedef void (*dofunc)(void *ndata); 12 | 13 | typedef int (*lpf0)(List l, void *data); 14 | typedef int (*lpf1)(List l, void *data, compare pfunc); 15 | typedef List (*lpf2)(List l); 16 | typedef void (*lpf3)(List l); 17 | typedef void (*lpf4)(List l, dofunc pfunc); 18 | typedef int (*lpf5)(List l, unsigned int index, void *new_data); 19 | typedef void (*lpf6)(List l, compare pfunc); 20 | typedef int (*lpf7)(List l, unsigned int index); 21 | 22 | typedef struct cnode 23 | { 24 | void *data; 25 | struct cnode *next; 26 | }node, *Node; 27 | 28 | typedef struct clist 29 | { 30 | Node head; 31 | Node tail; 32 | unsigned int size; 33 | unsigned int data_size; 34 | lpf0 add_back; 35 | lpf0 add_front; 36 | lpf1 delete_node; 37 | lpf1 have_same; 38 | lpf0 have_same_cmp; 39 | lpf4 foreach; 40 | lpf3 clear; 41 | lpf2 destroy; 42 | lpf5 modify_at; 43 | lpf6 sort; 44 | lpf7 delete_at; 45 | }list; 46 | 47 | //初始化链表 48 | List list_init(unsigned int data_size); 49 | int list_add_back(List l, void *data); 50 | int list_add_front(List l, void *data); 51 | int list_delete_node(List l, void *data, compare pfunc); 52 | int list_delete_at(List l, unsigned int index); 53 | int list_modify_at(List l, unsigned int index, void *new_data); 54 | int list_have_same(List l, void *data, compare pfunc); 55 | int list_have_same_cmp(List l, void *data); 56 | void list_foreach(List l, dofunc doit); 57 | void list_sort(List l, compare pfunc); 58 | void list_clear(List l); 59 | //释放链表 60 | List list_destroy(List l); 61 | #endif 62 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/netutils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * netutils.h - Network utilities 3 | * 4 | * Copyright (C) 2013 - 2016, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _NETUTILS_H 24 | #define _NETUTILS_H 25 | 26 | #if defined(__linux__) 27 | #include 28 | #elif !defined(__MINGW32__) 29 | #include 30 | #endif 31 | 32 | // only enable TCP_FASTOPEN on linux 33 | #if defined(__linux__) 34 | #include 35 | /* conditional define for TCP_FASTOPEN */ 36 | #ifndef TCP_FASTOPEN 37 | #define TCP_FASTOPEN 23 38 | #endif 39 | /* conditional define for MSG_FASTOPEN */ 40 | #ifndef MSG_FASTOPEN 41 | #define MSG_FASTOPEN 0x20000000 42 | #endif 43 | #elif !defined(__APPLE__) 44 | #ifdef TCP_FASTOPEN 45 | #undef TCP_FASTOPEN 46 | #endif 47 | #endif 48 | 49 | /* Backward compatibility for MPTCP_ENABLED between kernel 3 & 4 */ 50 | #ifndef MPTCP_ENABLED 51 | #ifdef TCP_CC_INFO 52 | #define MPTCP_ENABLED 42 53 | #else 54 | #define MPTCP_ENABLED 26 55 | #endif 56 | #endif 57 | 58 | /** byte size of ip4 address */ 59 | #define INET_SIZE 4 60 | /** byte size of ip6 address */ 61 | #define INET6_SIZE 16 62 | 63 | size_t get_sockaddr_len(struct sockaddr *addr); 64 | ssize_t get_sockaddr(char *host, char *port, 65 | struct sockaddr_storage *storage, int block, 66 | int ipv6first); 67 | int set_reuseport(int socket); 68 | 69 | #ifdef SET_INTERFACE 70 | int setinterface(int socket_fd, const char *interface_name); 71 | #endif 72 | 73 | int bind_to_address(int socket_fd, const char *address); 74 | 75 | /** 76 | * Compare two sockaddrs. Imposes an ordering on the addresses. 77 | * Compares address and port. 78 | * @param addr1: address 1. 79 | * @param addr2: address 2. 80 | * @param len: lengths of addr. 81 | * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 82 | */ 83 | int sockaddr_cmp(struct sockaddr_storage *addr1, 84 | struct sockaddr_storage *addr2, socklen_t len); 85 | 86 | /** 87 | * Compare two sockaddrs. Compares address, not the port. 88 | * @param addr1: address 1. 89 | * @param addr2: address 2. 90 | * @param len: lengths of addr. 91 | * @return: 0 if addr1 == addr2. -1 if addr1 is smaller, +1 if larger. 92 | */ 93 | int sockaddr_cmp_addr(struct sockaddr_storage *addr1, 94 | struct sockaddr_storage *addr2, socklen_t len); 95 | 96 | int validate_hostname(const char *hostname, const int hostname_len); 97 | 98 | #endif 99 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/obfs.h: -------------------------------------------------------------------------------- 1 | /* 2 | * obfs.h - Define shadowsocksR server's buffers and callbacks 3 | * 4 | * Copyright (C) 2015 - 2016, Break Wa11 5 | */ 6 | 7 | #ifndef _OBFS_H 8 | #define _OBFS_H 9 | 10 | #include 11 | #include 12 | 13 | typedef struct server_info { 14 | char host[64]; 15 | uint16_t port; 16 | char *param; 17 | void *g_data; 18 | uint8_t *iv; 19 | size_t iv_len; 20 | uint8_t *recv_iv; 21 | size_t recv_iv_len; 22 | uint8_t *key; 23 | size_t key_len; 24 | int head_len; 25 | size_t tcp_mss; 26 | }server_info; 27 | 28 | typedef struct obfs { 29 | server_info server; 30 | void *l_data; 31 | }obfs; 32 | 33 | typedef struct obfs_class { 34 | void * (*init_data)(); 35 | obfs * (*new_obfs)(); 36 | void (*get_server_info)(obfs *self, server_info *server); 37 | void (*set_server_info)(obfs *self, server_info *server); 38 | void (*dispose)(obfs *self); 39 | 40 | int (*client_pre_encrypt)(obfs *self, 41 | char **pplaindata, 42 | int datalength, 43 | size_t* capacity); 44 | int (*client_encode)(obfs *self, 45 | char **pencryptdata, 46 | int datalength, 47 | size_t* capacity); 48 | int (*client_decode)(obfs *self, 49 | char **pencryptdata, 50 | int datalength, 51 | size_t* capacity, 52 | int *needsendback); 53 | int (*client_post_decrypt)(obfs *self, 54 | char **pplaindata, 55 | int datalength, 56 | size_t* capacity); 57 | int (*client_udp_pre_encrypt)(obfs *self, 58 | char **pplaindata, 59 | int datalength, 60 | size_t* capacity); 61 | int (*client_udp_post_decrypt)(obfs *self, 62 | char **pplaindata, 63 | int datalength, 64 | size_t* capacity); 65 | int (*server_pre_encrypt)(obfs *self, 66 | char **pplaindata, 67 | int datalength, 68 | size_t* capacity); 69 | int (*server_post_decrypt)(obfs *self, 70 | char **pplaindata, 71 | int datalength, 72 | size_t* capacity); 73 | int (*server_udp_pre_encrypt)(obfs *self, 74 | char **pplaindata, 75 | int datalength, 76 | size_t* capacity); 77 | int (*server_udp_post_decrypt)(obfs *self, 78 | char **pplaindata, 79 | int datalength, 80 | size_t* capacity); 81 | int (*server_encode)(obfs *self, 82 | char **pencryptdata, 83 | int datalength, 84 | size_t* capacity); 85 | int (*server_decode)(obfs *self, 86 | char **pencryptdata, 87 | int datalength, 88 | size_t* capacity, 89 | int *needsendback); 90 | }obfs_class; 91 | 92 | obfs_class * new_obfs_class(char *plugin_name); 93 | void free_obfs_class(obfs_class *plugin); 94 | 95 | void set_server_info(obfs *self, server_info *server); 96 | void get_server_info(obfs *self, server_info *server); 97 | obfs * new_obfs(); 98 | void dispose_obfs(obfs *self); 99 | 100 | #endif // _OBFS_H 101 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/obfsutil.c: -------------------------------------------------------------------------------- 1 | int get_head_size(char *plaindata, int size, int def_size) { 2 | if (plaindata == NULL || size < 2) 3 | return def_size; 4 | int head_type = plaindata[0] & 0x7; 5 | if (head_type == 1) 6 | return 7; 7 | if (head_type == 4) 8 | return 19; 9 | if (head_type == 3) 10 | return 4 + plaindata[1]; 11 | return def_size; 12 | } 13 | 14 | static int shift128plus_init_flag = 0; 15 | static uint64_t shift128plus_s[2] = {0x10000000, 0xFFFFFFFF}; 16 | 17 | void init_shift128plus(void) { 18 | if (shift128plus_init_flag == 0) { 19 | shift128plus_init_flag = 1; 20 | uint32_t seed = time(NULL); 21 | shift128plus_s[0] = seed | 0x100000000L; 22 | shift128plus_s[1] = ((uint64_t)seed << 32) | 0x1; 23 | } 24 | } 25 | 26 | uint64_t xorshift128plus(void) { 27 | uint64_t x = shift128plus_s[0]; 28 | uint64_t const y = shift128plus_s[1]; 29 | shift128plus_s[0] = y; 30 | x ^= x << 23; // a 31 | x ^= x >> 17; // b 32 | x ^= y ^ (y >> 26); // c 33 | shift128plus_s[1] = x; 34 | return x + y; 35 | } 36 | 37 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/protocol.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014, Dustin Lundquist 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 | * POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef PROTOCOL_H 27 | #define PROTOCOL_H 28 | 29 | typedef struct protocol { 30 | const int default_port; 31 | int(*const parse_packet)(const char *, size_t, char **); 32 | } protocol_t; 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/resolv.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2014, Dustin Lundquist 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 | * POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef RESOLV_H 27 | #define RESOLV_H 28 | 29 | #ifdef HAVE_CONFIG_H 30 | #include "config.h" 31 | #endif 32 | 33 | #include 34 | 35 | #ifdef __MINGW32__ 36 | #include "win32.h" 37 | #else 38 | #include 39 | #endif 40 | 41 | struct ResolvQuery; 42 | 43 | int resolv_init(struct ev_loop *, char **, int, int); 44 | struct ResolvQuery *resolv_query(const char *, void (*)(struct sockaddr *, 45 | void *), void (*)( 46 | void *), void *, uint16_t); 47 | void resolv_cancel(struct ResolvQuery *); 48 | void resolv_shutdown(struct ev_loop *); 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/rule.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011 and 2012, Dustin Lundquist 3 | * Copyright (c) 2011 Manuel Kasper 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 | * POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | 28 | #ifdef HAVE_CONFIG_H 29 | #include "config.h" 30 | #endif 31 | 32 | #include 33 | #include 34 | 35 | #ifdef __MINGW32__ 36 | extern void ss_error(const char *s); 37 | #endif 38 | 39 | #include "rule.h" 40 | #include "utils.h" 41 | 42 | static void free_rule(rule_t *); 43 | 44 | rule_t * 45 | new_rule() 46 | { 47 | rule_t *rule; 48 | 49 | rule = calloc(1, sizeof(rule_t)); 50 | if (rule == NULL) { 51 | ERROR("malloc"); 52 | return NULL; 53 | } 54 | 55 | return rule; 56 | } 57 | 58 | int 59 | accept_rule_arg(rule_t *rule, const char *arg) 60 | { 61 | if (rule->pattern == NULL) { 62 | rule->pattern = strdup(arg); 63 | if (rule->pattern == NULL) { 64 | ERROR("strdup failed"); 65 | return -1; 66 | } 67 | } else { 68 | LOGE("Unexpected table rule argument: %s", arg); 69 | return -1; 70 | } 71 | 72 | return 1; 73 | } 74 | 75 | void 76 | add_rule(struct cork_dllist *rules, rule_t *rule) 77 | { 78 | cork_dllist_add(rules, &rule->entries); 79 | } 80 | 81 | int 82 | init_rule(rule_t *rule) 83 | { 84 | if (rule->pattern_re == NULL) { 85 | int errornumber; 86 | PCRE2_SIZE erroroffset; 87 | rule->pattern_re = pcre2_compile( 88 | (PCRE2_SPTR)rule->pattern, /* the pattern */ 89 | PCRE2_ZERO_TERMINATED, /* indicates pattern is zero-terminated */ 90 | 0, /* default options */ 91 | &errornumber, /* for error number */ 92 | &erroroffset, /* for error offset */ 93 | NULL); /* use default compile context */ 94 | 95 | if (rule->pattern_re == NULL) { 96 | PCRE2_UCHAR errbuffer[512]; 97 | pcre2_get_error_message(errornumber, errbuffer, sizeof(errbuffer)); 98 | LOGE("PCRE2 regex compilation failed at offset %d: %s\n", (int)erroroffset, 99 | errbuffer); 100 | return 0; 101 | } 102 | 103 | rule->pattern_re_match_data = pcre2_match_data_create_from_pattern(rule->pattern_re, NULL); 104 | 105 | if (rule->pattern_re_match_data == NULL) { 106 | ERROR("PCRE2: the memory for the block could not be obtained"); 107 | return 0; 108 | } 109 | } 110 | 111 | return 1; 112 | } 113 | 114 | rule_t * 115 | lookup_rule(const struct cork_dllist *rules, const char *name, size_t name_len) 116 | { 117 | struct cork_dllist_item *curr, *next; 118 | 119 | if (name == NULL) { 120 | name = ""; 121 | name_len = 0; 122 | } 123 | 124 | cork_dllist_foreach_void(rules, curr, next) { 125 | rule_t *rule = cork_container_of(curr, rule_t, entries); 126 | if (pcre2_match( 127 | rule->pattern_re, /* the compiled pattern */ 128 | (PCRE2_SPTR)name, /* the subject string */ 129 | name_len, /* the length of the subject */ 130 | 0, /* start at offset 0 in the subject */ 131 | 0, /* default options */ 132 | rule->pattern_re_match_data, /* block for storing the result */ 133 | NULL /* use default match context */ 134 | ) >= 0) 135 | return rule; 136 | } 137 | 138 | return NULL; 139 | } 140 | 141 | void 142 | remove_rule(rule_t *rule) 143 | { 144 | cork_dllist_remove(&rule->entries); 145 | free_rule(rule); 146 | } 147 | 148 | static void 149 | free_rule(rule_t *rule) 150 | { 151 | if (rule == NULL) 152 | return; 153 | 154 | ss_free(rule->pattern); 155 | if (rule->pattern_re != NULL) { 156 | pcre2_code_free(rule->pattern_re); /* data and the compiled pattern. */ 157 | rule->pattern_re = NULL; 158 | } 159 | if (rule->pattern_re_match_data != NULL) { 160 | pcre2_match_data_free(rule->pattern_re_match_data); /* Release memory used for the match */ 161 | rule->pattern_re_match_data = NULL; 162 | } 163 | ss_free(rule); 164 | } 165 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/rule.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011 and 2012, Dustin Lundquist 3 | * Copyright (c) 2011 Manuel Kasper 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions are met: 8 | * 9 | * 1. Redistributions of source code must retain the above copyright notice, 10 | * this list of conditions and the following disclaimer. 11 | * 2. Redistributions in binary form must reproduce the above copyright 12 | * notice, this list of conditions and the following disclaimer in the 13 | * documentation and/or other materials provided with the distribution. 14 | * 15 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 16 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 19 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 20 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 21 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 22 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 23 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 24 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 25 | * POSSIBILITY OF SUCH DAMAGE. 26 | */ 27 | #ifndef RULE_H 28 | #define RULE_H 29 | 30 | #ifdef HAVE_CONFIG_H 31 | #include "config.h" 32 | #endif 33 | 34 | #include 35 | 36 | /* 37 | * The PCRE2_CODE_UNIT_WIDTH macro must be defined before including pcre2.h. 38 | * For a program that uses only one code unit width, setting it to 8, 16, or 32 39 | * makes it possible to use generic function names such as pcre2_compile(). Note 40 | * that just changing 8 to 16 (for example) is not sufficient to convert this 41 | * program to process 16-bit characters. Even in a fully 16-bit environment, where 42 | * string-handling functions such as strcmp() and printf() work with 16-bit 43 | * characters, the code for handling the table of named substrings will still need 44 | * to be modified. 45 | */ 46 | /* we only need to support ASCII chartable, thus set it to 8 */ 47 | #define PCRE2_CODE_UNIT_WIDTH 8 48 | 49 | #include 50 | 51 | typedef struct rule { 52 | char *pattern; 53 | 54 | /* Runtime fields */ 55 | pcre2_code *pattern_re; 56 | pcre2_match_data *pattern_re_match_data; 57 | 58 | struct cork_dllist_item entries; 59 | } rule_t; 60 | 61 | void add_rule(struct cork_dllist *, rule_t *); 62 | int init_rule(rule_t *); 63 | rule_t *lookup_rule(const struct cork_dllist *, const char *, size_t); 64 | void remove_rule(rule_t *); 65 | rule_t *new_rule(); 66 | int accept_rule_arg(rule_t *, const char *); 67 | 68 | #endif 69 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/server.h: -------------------------------------------------------------------------------- 1 | /* 2 | * server.h - Define shadowsocks server's buffers and callbacks 3 | * 4 | * Copyright (C) 2013 - 2016, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _SERVER_H 24 | #define _SERVER_H 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | #include "encrypt.h" 31 | #include "jconf.h" 32 | #include "resolv.h" 33 | #include "obfs.h" 34 | #include "protocol.h" 35 | 36 | #include "common.h" 37 | 38 | typedef struct listen_ctx { 39 | ev_io io; 40 | int fd; 41 | int timeout; 42 | int method; 43 | char *iface; 44 | struct ev_loop *loop; 45 | 46 | // SSR 47 | char *protocol_name; 48 | char *protocol_param; 49 | char *obfs_name; 50 | char *obfs_param; 51 | void **list_protocol_global; 52 | void **list_obfs_global; 53 | } listen_ctx_t; 54 | 55 | typedef struct server_ctx { 56 | ev_io io; 57 | ev_timer watcher; 58 | int connected; 59 | struct server *server; 60 | } server_ctx_t; 61 | 62 | typedef struct server { 63 | int fd; 64 | int stage; 65 | buffer_t *buf; 66 | ssize_t buf_capacity; 67 | buffer_t *header_buf; 68 | 69 | int auth; 70 | struct chunk *chunk; 71 | 72 | struct enc_ctx *e_ctx; 73 | struct enc_ctx *d_ctx; 74 | struct server_ctx *recv_ctx; 75 | struct server_ctx *send_ctx; 76 | struct listen_ctx *listen_ctx; 77 | struct remote *remote; 78 | 79 | struct ResolvQuery *query; 80 | 81 | struct cork_dllist_item entries; 82 | 83 | // SSR 84 | obfs *protocol; 85 | obfs *obfs; 86 | obfs_class *protocol_plugin; 87 | obfs_class *obfs_plugin; 88 | int obfs_compatible_state; 89 | int protocol_compatible_state; 90 | } server_t; 91 | 92 | typedef struct query { 93 | server_t *server; 94 | char hostname[257]; 95 | } query_t; 96 | 97 | typedef struct remote_ctx { 98 | ev_io io; 99 | int connected; 100 | struct remote *remote; 101 | } remote_ctx_t; 102 | 103 | typedef struct remote { 104 | int fd; 105 | buffer_t *buf; 106 | ssize_t buf_capacity; 107 | struct remote_ctx *recv_ctx; 108 | struct remote_ctx *send_ctx; 109 | struct server *server; 110 | 111 | // SSR 112 | int remote_index; 113 | } remote_t; 114 | 115 | #endif // _SERVER_H 116 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/tls.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2011 and 2012, Dustin Lundquist 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions are met: 7 | * 8 | * 1. Redistributions of source code must retain the above copyright notice, 9 | * this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 15 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 21 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 22 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 23 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 | * POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef TLS_H 27 | #define TLS_H 28 | 29 | #include "protocol.h" 30 | 31 | const protocol_t *const tls_protocol; 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/tls1.2_ticket.h: -------------------------------------------------------------------------------- 1 | /* 2 | * http_simple.h - Define shadowsocksR server's buffers and callbacks 3 | * 4 | * Copyright (C) 2015 - 2016, Break Wa11 5 | */ 6 | 7 | #ifndef _TLS1_2_TICKET_H 8 | #define _TLS1_2_TICKET_H 9 | 10 | void * tls12_ticket_auth_init_data(); 11 | obfs * tls12_ticket_auth_new_obfs(); 12 | void tls12_ticket_auth_dispose(obfs *self); 13 | 14 | int tls12_ticket_auth_client_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity); 15 | int tls12_ticket_auth_client_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback); 16 | 17 | int tls12_ticket_auth_server_encode(obfs *self, char **pencryptdata, int datalength, size_t* capacity); 18 | int tls12_ticket_auth_server_decode(obfs *self, char **pencryptdata, int datalength, size_t* capacity, int *needsendback); 19 | 20 | #endif // _TLS1_2_TICKET_H 21 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/udprelay.h: -------------------------------------------------------------------------------- 1 | /* 2 | * udprelay.h - Define UDP relay's buffers and callbacks 3 | * 4 | * Copyright (C) 2013 - 2016, Max Lv 5 | * 6 | * This file is part of the shadowsocks-libev. 7 | * 8 | * shadowsocks-libev is free software; you can redistribute it and/or modify 9 | * it under the terms of the GNU General Public License as published by 10 | * the Free Software Foundation; either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * shadowsocks-libev is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with shadowsocks-libev; see the file COPYING. If not, see 20 | * . 21 | */ 22 | 23 | #ifndef _UDPRELAY_H 24 | #define _UDPRELAY_H 25 | 26 | #include 27 | #include 28 | 29 | #include "encrypt.h" 30 | #include "jconf.h" 31 | #include "obfs.h" 32 | 33 | #ifdef MODULE_REMOTE 34 | #include "resolv.h" 35 | #endif 36 | 37 | #include "cache.h" 38 | 39 | #include "common.h" 40 | 41 | #define MAX_UDP_PACKET_SIZE (65507) 42 | 43 | #define DEFAULT_PACKET_SIZE 1397 // 1492 - 1 - 28 - 2 - 64 = 1397, the default MTU for UDP relay 44 | 45 | typedef struct server_ctx { 46 | ev_io io; 47 | int fd; 48 | int method; 49 | int auth; 50 | int timeout; 51 | const char *iface; 52 | struct cache *conn_cache; 53 | #ifdef MODULE_LOCAL 54 | const struct sockaddr *remote_addr; 55 | int remote_addr_len; 56 | #ifdef MODULE_TUNNEL 57 | ss_addr_t tunnel_addr; 58 | #endif 59 | #endif 60 | #ifdef MODULE_REMOTE 61 | struct ev_loop *loop; 62 | #endif 63 | // SSR 64 | obfs *protocol; 65 | obfs_class *protocol_plugin; 66 | void *protocol_global; 67 | } server_ctx_t; 68 | 69 | #ifdef MODULE_REMOTE 70 | typedef struct query_ctx { 71 | struct ResolvQuery *query; 72 | struct sockaddr_storage src_addr; 73 | buffer_t *buf; 74 | int addr_header_len; 75 | char addr_header[384]; 76 | struct server_ctx *server_ctx; 77 | struct remote_ctx *remote_ctx; 78 | } query_ctx_t; 79 | #endif 80 | 81 | typedef struct remote_ctx { 82 | ev_io io; 83 | ev_timer watcher; 84 | int af; 85 | int fd; 86 | int addr_header_len; 87 | char addr_header[384]; 88 | struct sockaddr_storage src_addr; 89 | #ifdef MODULE_REMOTE 90 | struct sockaddr_storage dst_addr; 91 | #endif 92 | struct server_ctx *server_ctx; 93 | } remote_ctx_t; 94 | 95 | #endif // _UDPRELAY_H 96 | -------------------------------------------------------------------------------- /shadowsocksr-libev/src/server/verify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * verify.h - Define shadowsocksR server's buffers and callbacks 3 | * 4 | * Copyright (C) 2015 - 2016, Break Wa11 5 | */ 6 | 7 | #ifndef _VERIFY_H 8 | #define _VERIFY_H 9 | 10 | obfs * verify_simple_new_obfs(); 11 | void verify_simple_dispose(obfs *self); 12 | 13 | int verify_simple_client_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 14 | int verify_simple_client_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 15 | 16 | int verify_simple_server_pre_encrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 17 | int verify_simple_server_post_decrypt(obfs *self, char **pplaindata, int datalength, size_t* capacity); 18 | 19 | #endif // _VERIFY_H 20 | -------------------------------------------------------------------------------- /simple-obfs/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-or-later 2 | # 3 | # Copyright (C) 2017-2019 Jian Chang 4 | # Copyright (C) 2021 ImmortalWrt.org 5 | 6 | include $(TOPDIR)/rules.mk 7 | 8 | PKG_NAME:=simple-obfs 9 | PKG_VERSION:=0.0.5 10 | PKG_RELEASE:=1 11 | 12 | PKG_SOURCE_PROTO:=git 13 | PKG_SOURCE_URL:=https://github.com/shadowsocks/simple-obfs.git 14 | PKG_SOURCE_DATE:=2019-08-17 15 | PKG_SOURCE_VERSION:=486bebd9208539058e57e23a12f23103016e09b4 16 | PKG_MIRROR_HASH:=b1ae62a6826616b35b6aea0c6b2d55b5f36da96be0cd1c229c263b508d1aeef0 17 | 18 | PKG_LICENSE:=GPL-3.0-or-later 19 | PKG_LICENSE_FILES:=LICENSE 20 | PKG_MAINTAINER:=Jian Chang 21 | 22 | PKG_BUILD_DEPENDS:=libev 23 | PKG_FIXUP:=autoreconf 24 | PKG_BUILD_PARALLEL:=1 25 | PKG_INSTALL:=1 26 | 27 | include $(INCLUDE_DIR)/package.mk 28 | 29 | define Package/simple-obfs/template 30 | SECTION:=net 31 | CATEGORY:=Network 32 | TITLE:=A simple obfuscating tool 33 | URL:=https://github.com/shadowsocks/simple-obfs 34 | DEPENDS:=+libpthread +libev 35 | endef 36 | 37 | define Package/simple-obfs-client 38 | $(call Package/simple-obfs/template) 39 | TITLE+= (client) 40 | PROVIDES:=simple-obfs 41 | endef 42 | 43 | define Package/simple-obfs-server 44 | $(call Package/simple-obfs/template) 45 | TITLE+= (server) 46 | endef 47 | 48 | define Package/simple-obfs/description 49 | Simple-obfs is a simple obfusacting tool, designed as plugin server of shadowsocks. 50 | endef 51 | 52 | Package/simple-obfs-client/description = $(Package/simple-obfs/description) 53 | Package/simple-obfs-server/description = $(Package/simple-obfs/description) 54 | 55 | CONFIGURE_ARGS += \ 56 | --disable-ssp \ 57 | --disable-documentation \ 58 | --disable-assert 59 | 60 | define Package/simple-obfs-client/install 61 | $(INSTALL_DIR) $(1)/usr/bin 62 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/obfs-local $(1)/usr/bin/ 63 | endef 64 | 65 | define Package/simple-obfs-server/install 66 | $(INSTALL_DIR) $(1)/usr/bin 67 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/obfs-server $(1)/usr/bin/ 68 | endef 69 | 70 | $(eval $(call BuildPackage,simple-obfs-client)) 71 | $(eval $(call BuildPackage,simple-obfs-server)) 72 | -------------------------------------------------------------------------------- /tcping/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=tcping 8 | PKG_VERSION:=0.3 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/Mattraks/tcping/tar.gz/$(PKG_VERSION)? 13 | PKG_HASH:=c703481d1751adf051dd3391c4dccdadc6dfca7484e636222b392e1213312e02 14 | 15 | PKG_LICENSE:=GPL-2.0-only 16 | PKG_LICENSE_FILE:=license.txt 17 | 18 | PKG_BUILD_PARALLEL:=1 19 | 20 | include $(INCLUDE_DIR)/package.mk 21 | 22 | define Package/tcping 23 | SECTION:=net 24 | CATEGORY:=Network 25 | TITLE:=tcping measures the latency of a tcp-connection 26 | URL:=https://github.com/jlyo/tcping 27 | endef 28 | 29 | define Package/tcping/install 30 | $(INSTALL_DIR) $(1)/usr/sbin 31 | $(INSTALL_BIN) $(PKG_BUILD_DIR)/tcping $(1)/usr/sbin 32 | endef 33 | 34 | $(eval $(call BuildPackage,tcping)) 35 | -------------------------------------------------------------------------------- /trojan/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (C) 2018-2019 wongsyrone 3 | # 4 | # This is free software, licensed under the GNU General Public License v3. 5 | # See /LICENSE for more information. 6 | # 7 | include $(TOPDIR)/rules.mk 8 | 9 | PKG_NAME:=trojan 10 | PKG_VERSION:=1.16.0 11 | PKG_RELEASE:=2 12 | 13 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 14 | PKG_SOURCE_URL:=https://codeload.github.com/trojan-gfw/trojan/tar.gz/v$(PKG_VERSION)? 15 | PKG_HASH:=86cdb2685bb03a63b62ce06545c41189952f1ec4a0cd9147450312ed70956cbc 16 | 17 | PKG_BUILD_PARALLEL:=1 18 | PKG_BUILD_DEPENDS:=openssl 19 | 20 | PKG_LICENSE:=GPL-3.0 21 | PKG_LICENSE_FILE:=LICENSE 22 | PKG_MAINTAINER:=GreaterFire 23 | 24 | include $(INCLUDE_DIR)/package.mk 25 | include $(INCLUDE_DIR)/cmake.mk 26 | 27 | TARGET_CXXFLAGS += -Wall -Wextra 28 | TARGET_CXXFLAGS += $(FPIC) 29 | 30 | # LTO 31 | TARGET_CXXFLAGS += -flto 32 | TARGET_LDFLAGS += -flto 33 | 34 | # CXX standard 35 | TARGET_CXXFLAGS += -std=c++11 36 | TARGET_CXXFLAGS := $(filter-out -O%,$(TARGET_CXXFLAGS)) -O3 37 | TARGET_CXXFLAGS += -ffunction-sections -fdata-sections 38 | TARGET_LDFLAGS += -Wl,--gc-sections 39 | 40 | CMAKE_OPTIONS += \ 41 | -DENABLE_MYSQL=OFF \ 42 | -DENABLE_NAT=ON \ 43 | -DENABLE_REUSE_PORT=ON \ 44 | -DENABLE_SSL_KEYLOG=ON \ 45 | -DENABLE_TLS13_CIPHERSUITES=ON \ 46 | -DFORCE_TCP_FASTOPEN=OFF \ 47 | -DSYSTEMD_SERVICE=OFF \ 48 | -DOPENSSL_USE_STATIC_LIBS=FALSE \ 49 | -DBoost_DEBUG=ON \ 50 | -DBoost_NO_BOOST_CMAKE=ON 51 | 52 | define Package/trojan 53 | SECTION:=net 54 | CATEGORY:=Network 55 | SUBMENU:=Web Servers/Proxies 56 | TITLE:=An unidentifiable mechanism that helps you bypass GFW 57 | URL:=https://github.com/trojan-gfw/trojan 58 | DEPENDS:= \ 59 | +libpthread +libstdcpp +libopenssl \ 60 | +boost +boost-system +boost-program_options +boost-date_time 61 | endef 62 | 63 | define Package/trojan/install 64 | $(INSTALL_DIR) $(1)/usr/sbin 65 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/trojan $(1)/usr/sbin/trojan 66 | endef 67 | 68 | $(eval $(call BuildPackage,trojan)) 69 | -------------------------------------------------------------------------------- /tuic-client/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-2.0-only 2 | # 3 | # Copyright (C) 2017-2020 Yousong Zhou 4 | # Copyright (C) 2021 ImmortalWrt.org 5 | 6 | include $(TOPDIR)/rules.mk 7 | 8 | PKG_NAME:=tuic-client 9 | PKG_VERSION:=1.0.0 10 | PKG_RELEASE:=1 11 | 12 | PKG_LICENSE_FILES:=LICENSE 13 | PKG_MAINTAINER:=Tianling Shen 14 | 15 | include $(INCLUDE_DIR)/package.mk 16 | 17 | TUIC_TYPE:=tuic-client-$(PKG_VERSION) 18 | TUIC_FOOT:=unknown-linux-musl 19 | ifeq ($(ARCH),aarch64) 20 | TUIC_ARCH:=$(TUIC_TYPE)-aarch64-$(TUIC_FOOT) 21 | PKG_HASH:=c29eaaf3bc05115acc7453ac26bacf9aff65211b1e8ca7f771b818248bec8601 22 | else ifeq ($(ARCH),arm) 23 | # Referred to golang/golang-values.mk 24 | ARM_CPU_FEATURES:=$(word 2,$(subst +,$(space),$(call qstrip,$(CONFIG_CPU_TYPE)))) 25 | ifeq ($(ARM_CPU_FEATURES),) 26 | TUIC_ARCH:=$(TUIC_TYPE)-armv7-$(TUIC_FOOT)eabi 27 | PKG_HASH:=33a83ab05dc1a598552bf1f27114502b12c94b6e5333c6ac2def3739c00a4daf 28 | else 29 | TUIC_ARCH:=$(TUIC_TYPE)-armv7-$(TUIC_FOOT)eabihf 30 | PKG_HASH:=e2cc1d81ac376ff2a94976e78c861f5cd21ad809ff5b587ae967e2a63e4c35e4 31 | endif 32 | else ifeq ($(ARCH),i386) 33 | TUIC_ARCH:=$(TUIC_TYPE)-i686-$(TUIC_FOOT) 34 | PKG_HASH:=67d930b4381a8848bf98acbccb538c73b72ca9dde0aed3705f73e62a9922f758 35 | else ifeq ($(ARCH),x86_64) 36 | TUIC_ARCH:=$(TUIC_TYPE)-x86_64-$(TUIC_FOOT) 37 | PKG_HASH:=180c562691247a7feddf553706bc8fd5b5b9de3027154f94a767ea907a45e2de 38 | # Set the default value to make OpenWrt Package Checker happy 39 | else 40 | PKG_SOURCE:=dummy 41 | PKG_HASH:=dummy 42 | endif 43 | 44 | define Download/tuic-client 45 | URL:=https://github.com/EAimTY/tuic/releases/download/$(TUIC_TYPE)/ 46 | URL_FILE:=$(TUIC_ARCH) 47 | FILE:=$(TUIC_ARCH) 48 | HASH:=$(PKG_HASH) 49 | endef 50 | 51 | define Package/tuic-client 52 | SECTION:=net 53 | CATEGORY:=Network 54 | SUBMENU:=Web Servers/Proxies 55 | TITLE:=Delicately-TUICed 0-RTT proxy protocol 56 | URL:=https://github.com/EAimTY/tuic/ 57 | DEPENDS:=@USE_MUSL @(aarch64||arm||i386||x86_64) @!(TARGET_x86_geode||TARGET_x86_legacy) 58 | endef 59 | 60 | define Build/Prepare 61 | $(call Build/Prepare/Default) 62 | ifneq ($(CONFIG_PACKAGE_tuic-client),) 63 | $(call Download,tuic-client) 64 | endif 65 | endef 66 | 67 | define Build/Compile 68 | endef 69 | 70 | define Package/tuic-client/install 71 | $(INSTALL_DIR) $(1)/usr/bin 72 | $(INSTALL_BIN) $(DL_DIR)/$(TUIC_ARCH) $(1)/usr/bin/tuic-client 73 | endef 74 | 75 | $(eval $(call BuildPackage,tuic-client)) -------------------------------------------------------------------------------- /v2ray-core/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=v2ray-core 8 | PKG_VERSION:=5.31.0 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/v2fly/v2ray-core/tar.gz/v$(PKG_VERSION)? 13 | PKG_HASH:=20895d4200d3b7906a3fba90690cc2e27239989acc9c31601f40f2f71827e2e5 14 | 15 | PKG_LICENSE:=MIT 16 | PKG_LICENSE_FILES:=LICENSE 17 | PKG_MAINTAINER:=Tianling Shen 18 | 19 | PKG_BUILD_DEPENDS:=golang/host 20 | PKG_BUILD_PARALLEL:=1 21 | PKG_USE_MIPS16:=0 22 | PKG_BUILD_FLAGS:=no-mips16 23 | 24 | GO_PKG:=github.com/v2fly/v2ray-core/v5 25 | GO_PKG_BUILD_PKG:=$(GO_PKG)/main 26 | GO_PKG_LDFLAGS_X:= \ 27 | $(GO_PKG).build=OpenWrt \ 28 | $(GO_PKG).version=$(PKG_VERSION) 29 | 30 | include $(INCLUDE_DIR)/package.mk 31 | include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk 32 | 33 | define Package/v2ray/template 34 | TITLE:=A proxy platform to bypass network restrictions 35 | SECTION:=net 36 | CATEGORY:=Network 37 | URL:=https://www.v2fly.org 38 | endef 39 | 40 | define Package/v2ray-core 41 | $(call Package/v2ray/template) 42 | DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle 43 | endef 44 | 45 | define Package/v2ray-extra 46 | $(call Package/v2ray/template) 47 | TITLE+= (extra resources) 48 | DEPENDS:=v2ray-core 49 | PKGARCH:=all 50 | endef 51 | 52 | define Package/v2ray/description 53 | Project V is a set of network tools that help you to build your own computer network. 54 | It secures your network connections and thus protects your privacy. 55 | endef 56 | 57 | define Package/v2ray-core/description 58 | $(call Package/v2ray/description) 59 | endef 60 | 61 | define Package/v2ray-extra/description 62 | $(call Package/v2ray/description) 63 | 64 | This includes extra resources for v2ray-core. 65 | endef 66 | 67 | define Package/v2ray-core/install 68 | $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR)) 69 | $(INSTALL_DIR) $(1)/usr/bin/ 70 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/main $(1)/usr/bin/v2ray 71 | endef 72 | 73 | define Package/v2ray-extra/install 74 | $(INSTALL_DIR) $(1)/usr/share/v2ray/ 75 | $(CP) $(PKG_BUILD_DIR)/release/extra/* $(1)/usr/share/v2ray/ 76 | endef 77 | 78 | $(eval $(call BuildPackage,v2ray-core)) 79 | $(eval $(call BuildPackage,v2ray-extra)) 80 | -------------------------------------------------------------------------------- /v2ray-plugin/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2020 SharerMax 4 | # Copyright (C) 2021 ImmortalWrt.org 5 | 6 | include $(TOPDIR)/rules.mk 7 | 8 | PKG_NAME:=v2ray-plugin 9 | PKG_VERSION:=5.25.0 10 | PKG_RELEASE:=1 11 | 12 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 13 | PKG_SOURCE_URL:=https://codeload.github.com/teddysun/v2ray-plugin/tar.gz/v$(PKG_VERSION)? 14 | PKG_HASH:=64d2cc376c16ade97b8e2cce69e0c98d74f530dcf8a30cf7d22255969ca5c10d 15 | 16 | PKG_LICENSE:=MIT 17 | PKG_LICENSE_FILES:=LICENSE 18 | PKG_MAINTAINER:=madeye 19 | 20 | PKG_BUILD_DEPENDS:=golang/host 21 | PKG_BUILD_PARALLEL:=1 22 | PKG_USE_MIPS16:=0 23 | PKG_BUILD_FLAGS:=no-mips16 24 | 25 | GO_PKG:=github.com/teddysun/v2ray-plugin 26 | GO_PKG_LDFLAGS_X:=main.VERSION=v$(PKG_VERSION) 27 | 28 | include $(INCLUDE_DIR)/package.mk 29 | include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk 30 | 31 | define Package/v2ray-plugin 32 | SECTION:=net 33 | CATEGORY:=Network 34 | SUBMENU:=Web Servers/Proxies 35 | TITLE:=SIP003 plugin for shadowsocks, based on v2ray 36 | URL:=https://github.com/teddysun/v2ray-plugin 37 | DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle 38 | endef 39 | 40 | $(eval $(call GoBinPackage,v2ray-plugin)) 41 | $(eval $(call BuildPackage,v2ray-plugin)) 42 | -------------------------------------------------------------------------------- /v2raya/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2021 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=v2rayA 8 | PKG_VERSION:=2.2.6.7 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/v2rayA/v2rayA/tar.gz/v$(PKG_VERSION)? 13 | PKG_HASH:=1cfc53a2e45a14db260c1e4bfec2d70cf79167fc2529d05835943ce77dac2c39 14 | PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/service 15 | 16 | PKG_LICENSE:=AGPL-3.0-only 17 | PKG_LICENSE_FILES:=LICENSE 18 | PKG_MAINTAINER:=Tianling Shen 19 | 20 | PKG_BUILD_DEPENDS:=golang/host 21 | PKG_BUILD_PARALLEL:=1 22 | PKG_USE_MIPS16:=0 23 | PKG_BUILD_FLAGS:=no-mips16 24 | 25 | GO_PKG:=github.com/v2rayA/v2rayA 26 | GO_PKG_LDFLAGS_X:= \ 27 | $(GO_PKG)/conf.Version=$(PKG_VERSION) \ 28 | $(GO_PKG)/core/iptables.TproxyNotSkipBr=true 29 | 30 | include $(INCLUDE_DIR)/package.mk 31 | include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk 32 | 33 | TAR_OPTIONS+= --strip-components 1 34 | TAR_CMD=$(HOST_TAR) -C $(1)/.. $(TAR_OPTIONS) 35 | 36 | define Package/v2raya 37 | TITLE:=A Linux web GUI client of Project V 38 | SECTION:=net 39 | CATEGORY:=Network 40 | SUBMENU:=Web Servers/Proxies 41 | DEPENDS:=$(GO_ARCH_DEPENDS) \ 42 | +ca-bundle \ 43 | +kmod-nft-tproxy \ 44 | +xray-core 45 | URL:=https://v2raya.org 46 | endef 47 | 48 | define Package/v2raya/description 49 | v2rayA is a V2Ray Linux client supporting global transparent proxy, 50 | compatible with SS, SSR, Trojan(trojan-go), PingTunnel protocols. 51 | endef 52 | 53 | define Package/v2raya/conffiles 54 | /etc/v2raya/ 55 | /etc/config/v2raya 56 | endef 57 | 58 | WEB_FILE:=$(PKG_NAME)-web-$(PKG_VERSION).tar.gz 59 | define Download/v2raya-web 60 | URL:=https://github.com/v2rayA/v2rayA/releases/download/v$(PKG_VERSION)/ 61 | URL_FILE:=web.tar.gz 62 | FILE:=$(WEB_FILE) 63 | HASH:=d871f119812979a20da3f57a792d7842dad4c4b528c8ec9e4a9aea29b8508147 64 | endef 65 | 66 | define Build/Prepare 67 | $(call Build/Prepare/Default) 68 | 69 | ( \ 70 | mkdir -p $(PKG_BUILD_DIR)/server/router/web ; \ 71 | gzip -dc $(DL_DIR)/$(WEB_FILE) | $(HOST_TAR) -C $(PKG_BUILD_DIR)/server/router/web $(TAR_OPTIONS) ; \ 72 | ) 73 | endef 74 | 75 | define Package/v2raya/install 76 | $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR)) 77 | $(INSTALL_DIR) $(1)/usr/bin/ 78 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/v2rayA $(1)/usr/bin/v2raya 79 | 80 | $(INSTALL_DIR) $(1)/etc/config/ 81 | $(INSTALL_CONF) $(CURDIR)/files/v2raya.config $(1)/etc/config/v2raya 82 | $(INSTALL_DIR) $(1)/etc/init.d/ 83 | $(INSTALL_BIN) $(CURDIR)/files/v2raya.init $(1)/etc/init.d/v2raya 84 | endef 85 | 86 | $(eval $(call Download,v2raya-web)) 87 | $(eval $(call GoBinPackage,v2raya)) 88 | $(eval $(call BuildPackage,v2raya)) 89 | -------------------------------------------------------------------------------- /v2raya/files/v2raya.config: -------------------------------------------------------------------------------- 1 | 2 | config v2raya 'config' 3 | option enabled '0' 4 | 5 | # Listening address 6 | option address '0.0.0.0:2017' 7 | 8 | # Make sure your IPv6 network works fine before you turn it on. 9 | # Optional values: auto, on, off. 10 | option ipv6_support 'auto' 11 | 12 | # Experimental feature. Make sure you have installed nftables. 13 | # Optional values: auto, on, off. 14 | option nftables_support 'auto' 15 | 16 | # Optional values: trace, debug, info, warn or error 17 | option log_level 'info' 18 | 19 | # Maximum number of days to keep log files 20 | option log_max_days '3' 21 | 22 | option log_disable_color '1' 23 | 24 | option log_disable_timestamp '0' 25 | 26 | # Executable v2ray binary path. Auto-detect if put it empty 27 | option v2ray_bin '' 28 | 29 | # Additional v2ray config directory, files in it will be combined with config generated by v2rayA 30 | option v2ray_confdir '' 31 | 32 | # The executable file to run in the transparent proxy life-cycle. 33 | # v2rayA will pass in the --transparent-type (tproxy, redirect) 34 | # and --stage (pre-start, post-start, pre-stop, post-stop) arguments. 35 | option transparent_hook '' 36 | 37 | # The executable file to run in the v2ray-core life-cycle. 38 | # v2rayA will pass in the --stage (pre-start, post-start, pre-stop, post-stop) argument. 39 | option core_hook '' 40 | 41 | # The executable file to run in the v2ray-core life-cycle. 42 | # v2rayA will pass in the --stage (pre-start, post-start, pre-stop, post-stop) argument. 43 | option plugin_manager '' 44 | 45 | -------------------------------------------------------------------------------- /v2raya/files/v2raya.init: -------------------------------------------------------------------------------- 1 | #!/bin/sh /etc/rc.common 2 | # Copyright (C) 2021 Tianling Shen 3 | 4 | USE_PROCD=1 5 | START=99 6 | 7 | CONF="v2raya" 8 | PROG="/usr/bin/v2raya" 9 | 10 | is_enabled() { 11 | local enabled 12 | config_get_bool enabled "$1" "$2" "${3:-0}" 13 | if [ "$enabled" -eq "1" ]; then 14 | return 0 15 | else 16 | return 1 17 | fi 18 | } 19 | 20 | append_env() { 21 | procd_append_param env "V2RAYA_$(echo "$1" | tr "[a-z]" "[A-Z]")"="$2" 22 | } 23 | 24 | append_env_arg() { 25 | local value 26 | config_get value "$1" "$2" $3 27 | [ -n "$value" ] && append_env "$2" "$value" 28 | } 29 | 30 | append_env_bool() { 31 | is_enabled "$1" "$2" && append_env "$2" "true" 32 | } 33 | 34 | start_service() { 35 | config_load "$CONF" 36 | 37 | is_enabled "config" "enabled" || return 1 38 | 39 | procd_open_instance "$CONF" 40 | procd_set_param command "$PROG" 41 | procd_set_param env XDG_DATA_HOME="/usr/share" 42 | 43 | append_env "config" "/etc/v2raya" 44 | append_env "log_file" "/var/log/v2raya/v2raya.log" 45 | 46 | append_env_arg "config" "address" "0.0.0.0:2017" 47 | append_env_arg "config" "ipv6_support" "auto" 48 | append_env_arg "config" "nftables_support" "auto" 49 | append_env_arg "config" "log_level" "info" 50 | append_env_arg "config" "log_max_days" "3" 51 | append_env_arg "config" "v2ray_bin" 52 | append_env_arg "config" "v2ray_confdir" 53 | append_env_arg "config" "transparent_hook" 54 | append_env_arg "config" "core_hook" 55 | append_env_arg "config" "plugin_manager" 56 | append_env_bool "config" "log_disable_color" 57 | append_env_bool "config" "log_disable_timestamp" 58 | 59 | procd_set_param limits core="unlimited" 60 | procd_set_param limits nofile="1000000 1000000" 61 | procd_set_param respawn 62 | procd_set_param stdout 1 63 | procd_set_param stderr 1 64 | 65 | procd_close_instance 66 | } 67 | 68 | reload_service() { 69 | stop 70 | start 71 | } 72 | 73 | service_triggers() { 74 | procd_add_reload_trigger "$CONF" 75 | } 76 | -------------------------------------------------------------------------------- /xray-core/Makefile: -------------------------------------------------------------------------------- 1 | include $(TOPDIR)/rules.mk 2 | 3 | PKG_NAME:=xray-core 4 | PKG_VERSION:=25.5.16 5 | PKG_RELEASE:=1 6 | 7 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 8 | PKG_SOURCE_URL:=https://codeload.github.com/XTLS/Xray-core/tar.gz/v$(PKG_VERSION)? 9 | PKG_HASH:=c856cd9abed7d28d3c7b856c0661cec5c85ba0669affa740c979cf40c2f73ee4 10 | 11 | PKG_MAINTAINER:=Tianling Shen 12 | PKG_LICENSE:=MPL-2.0 13 | PKG_LICENSE_FILES:=LICENSE 14 | 15 | PKG_BUILD_DIR:=$(BUILD_DIR)/Xray-core-$(PKG_VERSION) 16 | PKG_BUILD_DEPENDS:=golang/host 17 | PKG_BUILD_PARALLEL:=1 18 | PKG_USE_MIPS16:=0 19 | PKG_BUILD_FLAGS:=no-mips16 20 | 21 | GO_PKG:=github.com/xtls/xray-core 22 | GO_PKG_LDFLAGS:=-s -w 23 | GO_PKG_BUILD_PKG:=$(GO_PKG)/main 24 | GO_PKG_LDFLAGS_X:= \ 25 | $(GO_PKG)/core.build=OpenWrt \ 26 | $(GO_PKG)/core.version=$(PKG_VERSION) 27 | 28 | include $(INCLUDE_DIR)/package.mk 29 | include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk 30 | 31 | define Package/xray-core 32 | TITLE:=A platform for building proxies to bypass network restrictions 33 | SECTION:=net 34 | CATEGORY:=Network 35 | URL:=https://xtls.github.io 36 | DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle 37 | endef 38 | 39 | define Package/xray-core/description 40 | Xray, Penetrates Everything. It helps you to build your own computer network. 41 | It secures your network connections and thus protects your privacy. 42 | endef 43 | 44 | define Package/xray-core/install 45 | $(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR)) 46 | $(INSTALL_DIR) $(1)/usr/bin/ 47 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/main $(1)/usr/bin/xray 48 | endef 49 | 50 | $(eval $(call BuildPackage,xray-core)) 51 | -------------------------------------------------------------------------------- /xray-plugin/Makefile: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: GPL-3.0-only 2 | # 3 | # Copyright (C) 2022 ImmortalWrt.org 4 | 5 | include $(TOPDIR)/rules.mk 6 | 7 | PKG_NAME:=xray-plugin 8 | PKG_VERSION:=1.8.24 9 | PKG_RELEASE:=1 10 | 11 | PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz 12 | PKG_SOURCE_URL:=https://codeload.github.com/teddysun/xray-plugin/tar.gz/v$(PKG_VERSION)? 13 | PKG_HASH:=dc7d7bff3dfa66c002bd043c7ee60e61aecec2f548275da809f1390c45611836 14 | 15 | PKG_LICENSE:=MIT 16 | PKG_LICENSE_FILES:=LICENSE 17 | PKG_MAINTAINER:=Tianling Shen 18 | 19 | PKG_BUILD_DEPENDS:=golang/host 20 | PKG_BUILD_PARALLEL:=1 21 | PKG_USE_MIPS16:=0 22 | PKG_BUILD_FLAGS:=no-mips16 23 | 24 | GO_PKG:=github.com/teddysun/xray-plugin 25 | 26 | include $(INCLUDE_DIR)/package.mk 27 | include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk 28 | 29 | define Package/xray-plugin 30 | SECTION:=net 31 | CATEGORY:=Network 32 | SUBMENU:=Web Servers/Proxies 33 | TITLE:=SIP003 plugin for Shadowsocks, based on Xray 34 | URL:=https://github.com/teddysun/xray-plugin 35 | DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle 36 | endef 37 | 38 | $(eval $(call GoBinPackage,xray-plugin)) 39 | $(eval $(call BuildPackage,xray-plugin)) 40 | --------------------------------------------------------------------------------